Description
The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors.
Affected products
- Epic Games / unreal_engine2003 – 2003
- Epic Games / unreal_engine2004 – 2004
References
- MISChttp://www.securityfocus.com/archive/1/477026/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/26506
- MISChttp://securityreason.com/securityalert/3039
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/36103
- MISChttp://www.securityfocus.com/archive/1/478053/100/200/threaded
- MISChttp://www.securityfocus.com/archive/1/478064/100/200/threaded
- MISChttp://aluigi.org/poc/unrwebdos.zip
- MISChttp://aluigi.org/adv/unrwebdos-adv.txt