http://secunia.com/advisories/31265/
Secunia Advisory: SA31265
Release Date: 2008-07-30
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Unreal Tournament 3 1.x
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released!
Description:
Luigi Auriemma has reported some vulnerabilities in Unreal Tournament, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An input validation error when processing certain packet types can be exploited to cause a memory corruption via a specially crafted packet with an overly large size field (greater than 172 bytes).
Successful exploitation may allow execution of arbitrary code.
2) A NULL pointer dereference error can be exploited to cause a crash via a specially crafted packet with the size field larger than the actual packet size.
The vulnerabilities are reported in Unreal Tournament 3 versions 1.2 and 1.3beta4.
Solution:
Use in trusted network environments only.
Secunia Advisory: SA31265
Release Date: 2008-07-30
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Unreal Tournament 3 1.x
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released!
Description:
Luigi Auriemma has reported some vulnerabilities in Unreal Tournament, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An input validation error when processing certain packet types can be exploited to cause a memory corruption via a specially crafted packet with an overly large size field (greater than 172 bytes).
Successful exploitation may allow execution of arbitrary code.
2) A NULL pointer dereference error can be exploited to cause a crash via a specially crafted packet with the size field larger than the actual packet size.
The vulnerabilities are reported in Unreal Tournament 3 versions 1.2 and 1.3beta4.
Solution:
Use in trusted network environments only.
Comment