Vulnerability CVE-2008-7011
Published: 2009-08-19   Modified: 2012-02-12

Description:
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Failed assertion in the Unreal engine
Luigi Auriemma
24.08.2009

Type:

CWE-399

 (Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Whiptail interactive -> Postal 
Red mercury -> Shadow ops 
Human head studios -> Dead mans hand 
Groove games -> Warpath 
Epic games -> Unreal tournament 
Digital extreme -> Pariah 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html
http://www.securityfocus.com/archive/1/496399/100/0/threaded
http://www.securityfocus.com/bid/31205
Copyright 2024, cxsecurity.com

 

Back to Top