Bugtraq mailing list archives

Re: Unreal engine updates and Battle Mages advisory


From: Todd Chapman <tchapman () leoninedev com>
Date: Thu, 11 Mar 2004 13:48:14 -0500

Luigi,

After seeing some doubt expressed by users in the Unreal community, I tried your INI file test this morning on multiple Unreal Tournament products and just now on America's Army 2.0. I confirmed crashes for UT, UT2003 demo, and AA. UT2004 demo ran fine. Results are detailed a little more below.

One question: Do you see the remote code execution as a possibility or did you actually accomplish executing code in your tests? I'm trying to clarify the exact level of threat to some users and they tend to take it more seriously when it can be presented as "verified to be exploitable for practical use not just DoS".


Results:
Unreal Tournament v451: Crashed with a GPF. Errors noted in log as follows:
-----
ScriptLog: InitGame: ?Name=-TD-PintOStout?;Class=BotPack.TBoss?Class=%n%nBotPack.TMale2?team=1?skin=SoldierSkins.hkil?Face=SoldierSkins.Vector?Voice=BotPack.VoiceMaleTwo?OverrideClass=
ScriptLog: Base Mutator is CityIntro.Mutator1
Init: Initialized moving brush tracker for Level CityIntro.MyLevel
Log: Bound to UWeb.dll
Critical: UObject::SafeLoadError
Critical: UObject::GetPackageLinker
Critical: UObject::StaticLoadObject
Critical: (Core.Class .TMale2 NULL)
Critical: UObject::StaticLoadClass
Critical: ULevel::SpawnPlayActor
Critical: UGameEngine::Init
Critical: InitEngine
Exit: Executing UObject::StaticShutdownAfterError
Exit: Executing UWindowsClient::ShutdownAfterError
Log: DirectDraw End Mode
Exit: Exiting.
Uninitialized: Name subsystem shut down
Uninitialized: Log file closed, 03/11/04 08:35:07
-----

Current UT2003 Demo (build 2206): Simple shutdown during launch with no visual error message. Left the log file at home but believe it just stopped.

UT2004 Demo: Launched without issue

America's Army 2.0: Shutdown during launch similar to UT2003 Demo. Log file just stopped in the middle of a line:
----
ScriptLog: FontNames[3]=AAFontMedium Fonts[3]=Transient.InteractionMaster0.AAFontMedium0
ScriptLog: FontNames[4]=AAFontMedium Fonts[4]=Transient.InteractionMaster0.AAFontMedium0
ScriptLog: GUIStyles::Initialize() - AALargeText
ScriptLog: Fon
----


--
Todd Chapman
Systems Architect
TChapman () leoninedev com
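
The following is an added triage example and is not part of the message above or of the advisory it replies to. It parses the `InitGame` option string from the UT v451 log and flags any option whose value carries printf-style conversion specifiers, such as the `%n%n` visible in the `Class` option. The function names and the second, benign log line are constructed for illustration.

```python
import re

# A printf-style conversion specifier, or the literal "%%" (matched so it can be skipped).
FORMAT_SPEC = re.compile(
    r"%(?:%|[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGcspn])"
)

def parse_options(url):
    """Split an option string of the form ?Key=Value?Key=Value into (key, value) pairs."""
    pairs = []
    for part in url.split("?"):
        part = part.strip(" ;")  # the logged string contains a stray ';' before one key
        if not part:
            continue
        key, _, value = part.partition("=")
        pairs.append((key, value))
    return pairs

def suspicious_options(log_line):
    """Return [(key, value, [specifiers])] for InitGame options holding format specifiers."""
    marker = "InitGame:"
    if marker not in log_line:
        return []
    hits = []
    for key, value in parse_options(log_line.split(marker, 1)[1]):
        specs = [s for s in FORMAT_SPEC.findall(value) if s != "%%"]
        if specs:
            hits.append((key, value, specs))
    return hits

# First line: copied from the UT v451 log in the message. Second line: constructed benign case.
SAMPLE_LOG = [
    "ScriptLog: InitGame: ?Name=-TD-PintOStout?;Class=BotPack.TBoss?Class=%n%nBotPack.TMale2"
    "?team=1?skin=SoldierSkins.hkil?Face=SoldierSkins.Vector?Voice=BotPack.VoiceMaleTwo"
    "?OverrideClass=",
    "ScriptLog: InitGame: ?Name=Player?Class=BotPack.TMale2?team=1",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for key, value, specs in suspicious_options(line):
            print(f"option {key!r} = {value!r} contains {specs}")
```

The pattern is a heuristic: a value such as `100%done` would also match, so hits are candidates for review rather than confirmed findings.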

