Lucene search

[email protected]CVE-2008-6441

HistoryMar 09, 2009 - 2:30 p.m.

CVE-2008-6441

2009-03-0914:30:00

CWE-134

[email protected]

web.nvd.nist.gov

epic games

unreal engine

cve-2008-6441

format string vulnerability

remote code execution

8.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.1%

JSON

Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

CPENameOperatorVersion
epicgames:unreal_engineepicgames unreal engineeq2
epicgames:unreal_engineepicgames unreal engineeq3
epicgames:unreal_engineepicgames unreal engineeq2.5

CPE	Name	Operator	Version
epicgames:unreal_engine	epicgames unreal engine	eq	2
epicgames:unreal_engine	epicgames unreal engine	eq	3
epicgames:unreal_engine	epicgames unreal engine	eq	2.5

References

aluigi.altervista.org/adv/unrealcfs-adv.txt

archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html

secunia.com/advisories/31854

www.osvdb.org/48290

www.osvdb.org/48291

www.securityfocus.com/archive/1/496297/100/0/threaded

www.securityfocus.com/bid/31141

exchange.xforce.ibmcloud.com/vulnerabilities/45088

exchange.xforce.ibmcloud.com/vulnerabilities/45089

exchange.xforce.ibmcloud.com/vulnerabilities/45090

8.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2008-6441

cvelist1 prion1