CVE-2010-2702 Information

Description

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1 2 and 2.5 as used in multiple games including Unreal Tournament 2004 Unreal tournament 2003 Postal 2 Raven Shield and SWAT4 when downloads are enabled allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.

Reference

http://aluigi.altervista.org/adv/unrealcbof-adv.txt http://aluigi.org/poc/unrealcbof.txt http://osvdb.org/66039 http://secunia.com/advisories/40466 https://exchange.xforce.ibmcloud.com/vulnerabilities/60142