https://www.exploit-db.com/exploits/22224
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-157

Unreal引擎是一款被很多游戏使用的网络引擎。UnrealURL(unreal://)不正确过滤用户提交的请求，远程攻击者可以利用这个漏洞进行遍历攻击，以WEB进程权限查看系统任意文件内容。由于对攻击者提交的UnrealURL请求缺少充分过滤，可使用目录遍历攻击导致绕过游戏安装目录，以WEB进程权限查看系统任意文件内容。

source: http://www.securityfocus.com/bid/6775/info

It has been reported that a directory traversal vulnerability exists in several games using some versions of the Unreal Engine.

It is possible for attackers to traverse outside of the game's installation directory using directory traversal sequences.

If the attacker refers to specific files it may be possible to cause the vulnerable game client to crash.

unreal://directoryfile
unreal://....directoryfile

来源:XF
名称:ut-file-directory-traversal(11299)
链接:http://xforce.iss.net/xforce/xfdb/11299
来源:BID
名称:6775
链接:http://www.securityfocus.com/bid/6775
来源:BUGTRAQ
名称:20030211Re:EpicGamesthreatenstosuesecurityresearchers
链接:http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
来源:BUGTRAQ
名称:20030205Unrealengine:resultsofmyresearch
链接:http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
来源：NSFOCUS
名称：4356
链接：http://www.nsfocus.net/vulndb/4356