TechSpot

Multitude of Unreal Engine Vulnerabilities

By TS | Thomas
Feb 5, 2003
Topic Status:
Not open for further replies.
  1. Games on all Windows, Linux, & MacOS platforms that implement the Unreal network gaming engine by Epic Games find themselves vulnerable to a laundry list of dangerous exploits. This battalion of vulnerabilities include local & remote DoS, DDoS, Bounce attacks with spoofed UDP Packets, Fake Players, Execution of Malicious Code without size limitations, Unreal URL crash, & more. "Naturally this attack is very very simple, yet very very powerful" explains Luigi. For detailed information please see the full advisory.

    Unfortunately Epic games has been slow to respond or produce a fix of any kind for their customers & clients. As documented within the full advisory, Epic & its employees engaged PivX & its researchers in a variable game of 'cat & mouse' over the course of 3 months prior to this release. "Our goal at PivX is to work with committed vendors in creating fixes & pushing them to market in a timely manner. If raising public awareness helps to succeed that goal, then so be it." Says Geoff Shively, Chief Hacking Officer for PivX Solutions.

    The full advisory also contains a link to a utility to verify how this affects your Unreal engine game.
  2. Nexxus6

    Nexxus6 TS Rookie

    There goes the neighborhood. UT gaming is going to be a bumpy ride very soon. I wonder if the xbox version suffers from these flaws.
  3. TS | Thomas

    TS | Thomas TS Rookie Topic Starter Posts: 1,327

    "PivX Labs is working on duplication of these & other vulnerabilities on console platform versions, i.e.: Unreal Championship for XBox."

    It probably should affect the console versions too I'd imagine. I mean if Epic haven't really bothered changing the netcode much since 1998 (Beyond performance optimizations - mostly CPU server side & some added features) I can't imagine they'd have done that for consoles. Though I guess with consoles they don't need some of the vulnerable features either so maybe not to the extent that the PC releases are anyway.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.