Epic Games Unreal Engine 436 - URL Directory Traversal

Author: Auriemma Luigi
type: remote
platform: multiple
port: 
date_added: 2003-02-05  
date_updated: 2012-10-24  
verified: 1  
codes: CVE-2003-1430;OSVDB-39609  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22224.txt  

source: https://www.securityfocus.com/bid/6775/info

It has been reported that a directory traversal vulnerability exists in several games using some versions of the Unreal Engine.

It is possible for attackers to traverse outside of the game's installation directory using directory traversal sequences.

If the attacker refers to specific files it may be possible to cause the vulnerable game client to crash.

unreal://\directory\file
unreal://..\..\directory\file