Smokey's Security Weblog

veritas odium parit

Highly Critical Vulnerabilities Reported in Unreal Tournament 3

Secunia, a vulnerability intelligence provider, reported today two highly critical vulnerabilities in Unreal Tournament 3 versions 1.2 and 1.3beta4. The vulnerabilities were discovered by Luigi Auriemma.

Vulnerability 1: a problem in the handling of a specific type of packet. In this particular type of packet there is a 16 bit field which specifies the size of the data that follows and if this string is longer than about 172 bytes a memory corruption will occur allowing an attacker to control various registers which could allow the execution of malicious code.

Successful exploitation may allow execution of arbitrary code.

Vulnerability 2: if the amount of data about talked previously is bigger than the total size of the packet the string will not be read and a NULL pointer exception will occur. This type of bug is easily recognizable on the server because the message “Error: Attempted to multiply free a voice packet” is displayed before the crash when the malformed packet is received.

Both vulnerabilities are unpatched, therefore use UT3 in trusted network environments only.

Advertisements

July 31, 2008 - Posted by | Advisories, Alerts, Malware, Recommended External Security Related Links, Vulnerabilities | , , , , , ,

1 Comment »

  1. Hi! I was surfing and found your blog post… nice! I love your blog. 🙂 Cheers! Sandra. R.

    Comment by sandrar | September 11, 2009 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: