VDB
CVE-2010-2702
CVE-2010-2702
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
EPSS 5.34% · 90.2th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
5.34%
90.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| epicgames | postal_2 | |
| n/a | n/a | * |
| epicgames | unreal_tournament_2003 | |
| epicgames | raven_shield | |
| epicgames | swat_4 | |
| epicgames | unreal_engine | 1, 2.5, 2 |
| epicgames | unreal_tournament_2004 |
Timeline
- Jul 12, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Apr 21, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- 66039 vdb
- 40466 third-party-advisory
- http://aluigi.altervista.org/adv/unrealcbof-adv.txt url
- http://aluigi.org/poc/unrealcbof.txt url
- unrealengine-ugameengineupdate-bo(60142) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-2702 advisory