Format String Bug in EpicGames Unreal engine

Published by

Security Focus reports that Luigi Auriemma found a bug in Epic's Unreal engine that was reported to EpicGames on 2th September 2003 and still nothing has been done about it! here's some of the games that are effected!

Unreal 1 Unreal II XMP Unreal Tournament Unreal Tournament 2003

Wheel of Time X-com Enforcer XIII Rainbow Six: Raven Shield Devastation DeusEx America's Army

The problem is a format string bug in the Classes management. Each time a client connects to a server it sends the names of the objects it uses (called classes).

If an attacker uses a class name containing format parameters (as %n, %s and so on) he will be able to crash or also to execute malicious code on the remote server.

Format String Bug in EpicGames Unreal engine