https://www.exploit-db.com/exploits/23799
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-268

使用EpicGamesUnrealEngine436版本的游戏存在格式串漏洞。远程攻击者借助类名中的格式串说明符导致服务拒绝（崩溃）和可能的任意代码执行。

source: http://www.securityfocus.com/bid/9840/info

A format string vulnerability has been reported to exists in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly sanitize user supplied network data.

Ultimately this vulnerability could allow for execution of arbitrary code on the system implementing the affected server software, which would occur in the security context of the server process.

Example:

From:
Class=Engine.Pawn

To:
Class=%n%nEngine.Pawn

If the game is vulnerable it will crash when launched.

来源:BID
名称:9840
链接:http://www.securityfocus.com/bid/9840
来源:XF
名称:ut-class-format-string(15430)
链接:http://xforce.iss.net/xforce/xfdb/15430
来源:SECUNIA
名称:11108
链接:http://secunia.com/advisories/11108
来源:aluigi.altervista.org
链接:http://aluigi.altervista.org/adv/unrfs-adv.txt
来源:BUGTRAQ
名称:20040311Re:FormatstringbuginEpicGamesUnrealengine
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107902755204583&w;=2
来源:BUGTRAQ
名称:20040310FormatstringbuginEpicGamesUnrealengine
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107893764406905&w;=2