CVE-2004-1958

Description

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.

Affected products

• Epic Games / unreal_engine433 – 433
• Epic Games / unreal_engine436 – 436
• Epic Games / unreal_tournament451b – 451b
• Epic Games / unreal_tournament_20032199_macos – 2199_macos
• Epic Games / unreal_tournament_20032199_win32 – 2199_win32
• Epic Games / unreal_tournament_20032225_macos – 2225_macos
• Epic Games / unreal_tournament_20032225_win32 – 2225_win32

References

• MISChttp://aluigi.altervista.org/adv/umod-adv.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15942
• MAILING_LISThttp://marc.info/?l=bugtraq&m=108267310519459&w=2
• MISChttp://www.securityfocus.com/bid/10196