CVE-2007-4442

Unreal Engine - Denial of Service via Long GIF Filename Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4442. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a remote denial-of-service vulnerability in the Unreal Engine due to improper bounds-checking of user-supplied input. It mentions potential for remote code execution, though unconfirmed, and lists affected versions including Unreal Tournament 2003/2004 and America's Army 2.8.2.

Description

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/30513

View Code ZIP pw:eip

The provided text describes a remote denial-of-service vulnerability in the Unreal Engine due to improper bounds-checking of user-supplied input. It mentions potential for remote code execution, though unconfirmed, and lists affected versions including Unreal Tournament 2003/2004 and America's Army 2.8.2.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Unreal Engine (Unreal Tournament 2003/2004, America's Army 2.8.2)

No auth needed

Prerequisites: Network access to vulnerable Unreal Engine instance

MITRE ATT&CK