Directory Traversal Vulnerability in Unreal Engine by Epic Games
CVE-2004-1958

Currently unrated

Key Information:

Vendor: Epic Games
Status: Unreal Engine; Unreal Tournament 2003; Unreal Tournament
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-1958?

A directory traversal vulnerability exists in the manifest.ini of Unreal Engine that permits remote attackers to overwrite arbitrary files. By exploiting '..' (dot dot) sequences within a crafted UMOD (Unreal MOD) file, attackers can potentially manipulate files on the server, leading to unauthorized access or data corruption. This flaw poses a significant risk, particularly in server environments where users can upload or manage UMOD files.

References

http://aluigi.altervista.org/adv/umod-adv.txt

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/15942

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=108267310519459&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Dec 31, 2004

JSON