I have an update about the methods used to test the format string vulnerability in the Unreal engine I reported yesterday. I have solved a problem in the windows version of my proof-of-concept unrfs-poc (now version 0.1.1): http://aluigi.altervista.org/poc/unrfs-poc.zip The following instead is a very fast and easy method to test the Unreal engine based games without using external programs or complicated exploits. I highly suggest users to use this quick method instead of the previous proof-of-concept: ----- Another method to test the vulnerability is the adding of %n after "Class=" in the file system/user.ini Example: From: Class=Engine.Pawn To: Class=%n%nEngine.Pawn If the game is vulnerable it will crash when launched. ----- The last news regards an advisory about a server freeze bug in the new game Battle Mages: http://aluigi.altervista.org/adv/battlemages-adv.txt BYEZ --- Luigi Auriemma http://aluigi.altervista.org
