Warp2Search.net » News » March 2004 » Format String Bug in EpicGames Unreal engine

Format String Bug in EpicGames Unreal engine

Posted by: Newsfactory on: 03/11/2004 05:22 PM [ Print | 3 comment(s) ] · 3124 views

Security Focus reports that Luigi Auriemma found a bug in Epic's Unreal engine that was reported to EpicGames on 2th September 2003 and still nothing has been done about it! here's some of the games that are effected!

Unreal 1 Unreal II XMP Unreal Tournament Unreal Tournament 2003

Wheel of Time X-com Enforcer XIII Rainbow Six: Raven Shield Devastation DeusEx America's Army

The problem is a format string bug in the Classes management. Each time a client connects to a server it sends the names of the objects it uses (called classes).

If an attacker uses a class name containing format parameters (as %n, %s and so on) he will be able to crash or also to execute malicious code on the remote server.

Format String Bug in EpicGames Unreal engine

« Aliens vs. Predator · Format String Bug in EpicGames Unreal engine · InterVideo DVD Copy 2 Gold & Platinum »

Comment

vegetto34
Unregistered

#51870 Posted on: 03/11/2004 06:26 PM

LOL What an easy to exploit security hole. I might have some fun with this one.

"Yea uh... patch in 'two weeks'... "

Comment

Devourer
Unregistered

#51873 Posted on: 03/11/2004 07:18 PM

"was reported to EpicGames on 2th September 2003" That's the longest 2 weeks in history. :P

Comment

Chernobyl
Unregistered

Posts: 57
Joined: 2003-05-03

#51877 Posted on: 03/11/2004 09:25 PM

They need to be fined for this sort of conduct, and big fines too. Plain irresponsible!

Warp2Search.net » News » March 2004 » Format String Bug in EpicGames Unreal engine

Format String Bug in EpicGames Unreal engine

Posted by: Newsfactory on: 03/11/2004 05:22 PM [ Print | 3 comment(s) ] · 3124 views

Comment

Comment

Comment

Latest News

Community Forum

Nodes To Friends

Online Users