CVE-2008-6441

critical

Description

Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45090

https://exchange.xforce.ibmcloud.com/vulnerabilities/45089

https://exchange.xforce.ibmcloud.com/vulnerabilities/45088

http://www.securityfocus.com/archive/1/496297/100/0/threaded

http://www.osvdb.org/48291

http://www.osvdb.org/48290

http://secunia.com/advisories/31854

Details

Source: Mitre, NVD

Published: 2009-03-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02361