Directory Traversal Vulnerability in Unreal Engine by Epic Games
CVE-2004-1958

Currently unrated

Key Information:

Vendor

Epic Games

Status
Unreal Engine
Unreal Tournament 2003
Unreal Tournament
Vendor
CVE Published:
31 December 2004

What is CVE-2004-1958?

A directory traversal vulnerability exists in the manifest.ini of Unreal Engine that permits remote attackers to overwrite arbitrary files. By exploiting '..' (dot dot) sequences within a crafted UMOD (Unreal MOD) file, attackers can potentially manipulate files on the server, leading to unauthorized access or data corruption. This flaw poses a significant risk, particularly in server environments where users can upload or manage UMOD files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://aluigi.altervista.org/adv/umod-adv.txt
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/15942
vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=108267310519459&w=2
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.