CVE-2004-0608

Current Description

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

Basic Data

PublishedDecember 06, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationArushDevastation390.0*******
    2.3ApplicationDreamforgeTnn Outdoors Pro Hunter********
    2.3ApplicationEpic GamesUnreal Engine226f*******
    2.3ApplicationEpic GamesUnreal Engine433*******
    2.3ApplicationEpic GamesUnreal Engine436*******
    2.3ApplicationEpic GamesUnreal Tournament451b*******
    2.3ApplicationEpic GamesUnreal Tournament 20032199_linux*******
    2.3ApplicationEpic GamesUnreal Tournament 20032199_macos*******
    2.3ApplicationEpic GamesUnreal Tournament 20032199_win32*******
    2.3ApplicationEpic GamesUnreal Tournament 20032225_macos*******
    2.3ApplicationEpic GamesUnreal Tournament 20032225_win32*******
    2.3ApplicationEpic GamesUnreal Tournament 2004macos*******
    2.3ApplicationEpic GamesUnreal Tournament 2004win32*******
    2.3ApplicationInfogramesTacticalops3.4*******
    2.3ApplicationInfogramesX-com Enforcer********
    2.3ApplicationIon StormDeusex1.112_fm*******
    2.3ApplicationNerf Arena BlastNerf Arena Blast1.2*******
    2.3ApplicationRage SoftwareMobile Forces20000.0*******
    2.3ApplicationRobert JordanWheel Of Time333.0b*******
    2.3ApplicationRunning With ScissorsPostal 21337*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGentooLinux1.4*******

Vulnerable Software List

VendorProductVersions
Infogrames Tacticalops 3.4
Infogrames X-com Enforcer *
Ion Storm Deusex 1.112_fm
Epic Games Unreal Tournament 451b
Epic Games Unreal Tournament 2004 macos, win32
Epic Games Unreal Engine 226f, 433, 436
Epic Games Unreal Tournament 2003 2199_linux, 2199_macos, 2199_win32, 2225_macos, 2225_win32
Nerf Arena Blast Nerf Arena Blast 1.2
Rage Software Mobile Forces 20000.0
Robert Jordan Wheel Of Time 333.0b
Running With Scissors Postal 2 1337
Arush Devastation 390.0
Dreamforge Tnn Outdoors Pro Hunter *
Gentoo Linux 1.4

References

NameSourceURLTags
http://aluigi.altervista.org/adv/unsecure-adv.txthttp://aluigi.altervista.org/adv/unsecure-adv.txtMISCVendor Advisory
20040618 Code execution in the Unreal Engine through secure packethttp://marc.info/?l=bugtraq&m=108787105023304&w=2BUGTRAQ
GLSA-200407-14http://www.gentoo.org/security/en/glsa/glsa-200407-14.xmlGENTOOPATCH Vendor Advisory
10570http://www.securityfocus.com/bid/10570BIDExploit Vendor Advisory
unreal-secure-query-command-execute(16451)https://exchange.xforce.ibmcloud.com/vulnerabilities/16451XF