Unrated severityNVD Advisory· Published Jul 12, 2010· Updated Apr 29, 2026

CVE-2010-2702

Description

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.

Affected products

Epic Games/Postal 2
cpe:2.3:a:epicgames:postal_2:*:*:*:*:*:*:*:*
Epic Games/Raven Shield
cpe:2.3:a:epicgames:raven_shield:*:*:*:*:*:*:*:*
Epic Games/Swat 4
cpe:2.3:a:epicgames:swat_4:*:*:*:*:*:*:*:*
Epic Games/Unreal Engine3 versions
cpe:2.3:a:epicgames:unreal_engine:1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:epicgames:unreal_engine:1:*:*:*:*:*:*:*
- cpe:2.3:a:epicgames:unreal_engine:2:*:*:*:*:*:*:*
- cpe:2.3:a:epicgames:unreal_engine:2.5:*:*:*:*:*:*:*
Epic Games/Unreal Tournament 2003
cpe:2.3:a:epicgames:unreal_tournament_2003:*:*:*:*:*:*:*:*
Epic Games/Unreal Tournament 2004
cpe:2.3:a:epicgames:unreal_tournament_2004:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aluigi.altervista.org/adv/unrealcbof-adv.txtnvdExploit
aluigi.org/poc/unrealcbof.txtnvdExploit
secunia.com/advisories/40466nvdVendor Advisory
osvdb.org/66039nvd
exchange.xforce.ibmcloud.com/vulnerabilities/60142nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000