| VID |
23077 |
| Severity |
40 |
| Port |
7777 |
| Protocol |
UDP |
| Class |
UnrealEngine |
| Detailed Description |
A vulnerable game server with the Unreal Engine has been detected as running on the target host.
The Unreal Engine is the famous game engine developed by Epic Games and is currently used for many games in the videogames industry. Multiple game servers with the Unreal Engine could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the Unreal Game Engine. By sending an excessive data to a vulnerable game server through a '\secure\' query, a remote attacker could cause memory corruption and the execution of arbitrary code on the system.
* Note: This check might have disabled the game server to assess this vulnerability, so the service must be restarted to regain its functionality.
* References:
http://www.securiteam.com/windowsntfocus/5BP0P0AD5W.html
http://packetstormsecurity.nl/0406-advisories/unrealCodeExec.txt
http://www.securityfocus.com/archive/1/366611
http://www.securityfocus.com/archive/1/366891
* Platforms Affected:
ARUSH Games, Devastation 390 and prior
ASC Games, TNN Pro Hunter any version
Epic Games, Unreal 226f and prior
Epic Games, Unreal II XMP 7710 and prior
Epic Games, Unreal Tournament 451b and prior
Epic Games, Unreal Tournament 2003 2225 and prior
Epic Games, Unreal Tournament 2004 prior to 3236
gopostal.com, Postal 2 1337 and prior
Hasbro Interactive, Nerf Arena Blast 1.2 and prior
Humanhead Studios, Rune 107 and prior
Infogames, Wheel of Time 333b and prior
Infogames, X-COM Enforcer any version
Ion Storm, DeusEx 1.112fm and prior
Microprose.com, Tactical Ops 3.4.0 and prior
Rage Software, Mobile Forces 20000 and prior
Apple Mac OS Server Any version
Microsoft Windows Any version
Linux Any version |
| Recommendation |
No upgrade or patch available as of June 2014. |
| Related URL |
CVE-2004-0608 (CVE) |
| Related URL |
10570 (SecurityFocus) |
| Related URL |
16451 (ISS) |
|
