CVE-2004-0608 - The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces

CVE-2004-0608

Summary

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

References

Vulnerable Configurations

cpe:2.3:a:arush:devastation:390.0:*:*:*:*:*:*:*
cpe:2.3:a:arush:devastation:390.0:*:*:*:*:*:*:*
cpe:2.3:a:dreamforge:tnn_outdoors_pro_hunter:*:*:*:*:*:*:*:*
cpe:2.3:a:dreamforge:tnn_outdoors_pro_hunter:*:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament:451b:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament:451b:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2225_macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2225_macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2225_win32:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2003:2225_win32:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2004:macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2004:macos:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2004:win32:*:*:*:*:*:*:*
cpe:2.3:a:epic_games:unreal_tournament_2004:win32:*:*:*:*:*:*:*
cpe:2.3:a:infogrames:tacticalops:3.4:*:*:*:*:*:*:*
cpe:2.3:a:infogrames:tacticalops:3.4:*:*:*:*:*:*:*
cpe:2.3:a:infogrames:x-com_enforcer:*:*:*:*:*:*:*:*
cpe:2.3:a:infogrames:x-com_enforcer:*:*:*:*:*:*:*:*
cpe:2.3:a:ion_storm:deusex:1.112_fm:*:*:*:*:*:*:*
cpe:2.3:a:ion_storm:deusex:1.112_fm:*:*:*:*:*:*:*
cpe:2.3:a:nerf_arena_blast:nerf_arena_blast:1.2:*:*:*:*:*:*:*
cpe:2.3:a:nerf_arena_blast:nerf_arena_blast:1.2:*:*:*:*:*:*:*
cpe:2.3:a:rage_software:mobile_forces:20000.0:*:*:*:*:*:*:*
cpe:2.3:a:rage_software:mobile_forces:20000.0:*:*:*:*:*:*:*
cpe:2.3:a:robert_jordan:wheel_of_time:333.0b:*:*:*:*:*:*:*
cpe:2.3:a:robert_jordan:wheel_of_time:333.0b:*:*:*:*:*:*:*
cpe:2.3:a:running_with_scissors:postal_2:1337:*:*:*:*:*:*:*
cpe:2.3:a:running_with_scissors:postal_2:1337:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	10570
bugtraq	20040618 Code execution in the Unreal Engine through \secure\ packet
gentoo	GLSA-200407-14
misc	http://aluigi.altervista.org/adv/unsecure-adv.txt
xf	unreal-secure-query-command-execute(16451)

Last major update

11-07-2017 - 01:30

Published

06-12-2004 - 05:00

Last modified

11-07-2017 - 01:30