Vulnerability CVE-2004-0608
Published: 2004-12-06   Modified: 2012-02-12

Description:
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Running with scissors -> Postal 2 
Robert jordan -> Wheel of time 
Rage software -> Mobile forces 
Nerf arena blast -> Nerf arena blast 
Ion storm -> Deusex 
Infogrames -> Tacticalops 
Infogrames -> X-com enforcer 
Gentoo -> Linux 
Epic games -> Unreal engine 
Epic games -> Unreal tournament 
Epic games -> Unreal tournament 2003 
Epic games -> Unreal tournament 2004 
Dreamforge -> Tnn outdoors pro hunter 
Arush -> Devastation 

 References:
http://aluigi.altervista.org/adv/unsecure-adv.txt
http://marc.info/?l=bugtraq&m=108787105023304&w=2
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml
http://www.securityfocus.com/bid/10570
http://xforce.iss.net/xforce/xfdb/16451
Copyright 2024, cxsecurity.com

 

Back to Top