CVE-2004-1958

Epic Games Unreal Engine - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cremotemultiple

https://www.exploit-db.com/exploits/24041

View Code ZIP pw:eip

References (4)

[Exploit] http://aluigi.altervista.org/adv/umod-adv.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15942

[Mailing List] http://marc.info/?l=bugtraq&m=108267310519459&w=2

[Exploit] http://www.securityfocus.com/bid/10196

Scores

EPSS 0.0472

EPSS Percentile 89.4%

Details

Status published

Products (7)

epic_games/unreal_engine 433

epic_games/unreal_engine 436

epic_games/unreal_tournament 451b

epic_games/unreal_tournament_2003 2199_macos

epic_games/unreal_tournament_2003 2199_win32

epic_games/unreal_tournament_2003 2225_macos

epic_games/unreal_tournament_2003 2225_win32

Published Dec 31, 2004

Tracked Since Feb 18, 2026