CVE-2008-6441

CVE Database · CVE-2008-6441

CVE-2008-6441

· N/AModified

CVSS v3.1

N/A

EPSS

3.50%

Published

Mar 9, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

Weaknesses (CWE)

CWE-134

Affected Products (3)

epicgames · unreal_enginevulnerable

References (20)

http://aluigi.altervista.org/adv/unrealcfs-adv.txt

Exploit

http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html

Exploit

http://secunia.com/advisories/31854

Vendor Advisory

http://www.osvdb.org/48290