CVE-2004-0608
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
El Motor de Unreal, usado en in DeusEx 1.112fm y anteriores, , Devastation 390 y anteriores, Mobile Forces 20000 y anteriores, Nerf Arena Blast 1.2 y anteriores, Postal 2 1337 y anteriores, Rune 107 y anteriores, Tactical Ops 3.4.0 y anteriores, Unreal 1 226f y anteriores, Unreal II XMP 7710 y anteriores, Unreal Tournament 451b y anteriores, Unreal Tournament 2003 2225 y anteriores, Unreal Tournament 2004 anteriores a 3236, Wheel of Time 333b y anteriores, and X-com Enforcer permite a atacantes remotos ejecutar código de su elección mediante un paquete UDP conteniendo una consulta segura con un valor largo, lo que sobreescribe memoria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-06-29 CVE Reserved
- 2004-06-30 CVE Published
- 2004-07-18 First Exploit
- 2024-07-15 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108787105023304&w=2 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16848 | 2010-09-20 | |
| https://www.exploit-db.com/exploits/10032 | 2004-07-18 | |
| https://www.exploit-db.com/exploits/16693 | 2010-09-20 | |
| http://www.securityfocus.com/bid/10570 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://aluigi.altervista.org/adv/unsecure-adv.txt | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arush Search vendor "Arush" | Devastation Search vendor "Arush" for product "Devastation" | 390.0 Search vendor "Arush" for product "Devastation" and version "390.0" | - |
Affected
| ||||||
| Dreamforge Search vendor "Dreamforge" | Tnn Outdoors Pro Hunter Search vendor "Dreamforge" for product "Tnn Outdoors Pro Hunter" | * | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Engine Search vendor "Epic Games" for product "Unreal Engine" | 226f Search vendor "Epic Games" for product "Unreal Engine" and version "226f" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Engine Search vendor "Epic Games" for product "Unreal Engine" | 433 Search vendor "Epic Games" for product "Unreal Engine" and version "433" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Engine Search vendor "Epic Games" for product "Unreal Engine" | 436 Search vendor "Epic Games" for product "Unreal Engine" and version "436" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament Search vendor "Epic Games" for product "Unreal Tournament" | 451b Search vendor "Epic Games" for product "Unreal Tournament" and version "451b" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003" | 2199_linux Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2199_linux" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003" | 2199_macos Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2199_macos" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003" | 2199_win32 Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2199_win32" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003" | 2225_macos Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2225_macos" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003" | 2225_win32 Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2225_win32" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2004 Search vendor "Epic Games" for product "Unreal Tournament 2004" | macos Search vendor "Epic Games" for product "Unreal Tournament 2004" and version "macos" | - |
Affected
| ||||||
| Epic Games Search vendor "Epic Games" | Unreal Tournament 2004 Search vendor "Epic Games" for product "Unreal Tournament 2004" | win32 Search vendor "Epic Games" for product "Unreal Tournament 2004" and version "win32" | - |
Affected
| ||||||
| Infogrames Search vendor "Infogrames" | Tacticalops Search vendor "Infogrames" for product "Tacticalops" | 3.4 Search vendor "Infogrames" for product "Tacticalops" and version "3.4" | - |
Affected
| ||||||
| Infogrames Search vendor "Infogrames" | X-com Enforcer Search vendor "Infogrames" for product "X-com Enforcer" | * | - |
Affected
| ||||||
| Ion Storm Search vendor "Ion Storm" | Deusex Search vendor "Ion Storm" for product "Deusex" | 1.112_fm Search vendor "Ion Storm" for product "Deusex" and version "1.112_fm" | - |
Affected
| ||||||
| Nerf Arena Blast Search vendor "Nerf Arena Blast" | Nerf Arena Blast Search vendor "Nerf Arena Blast" for product "Nerf Arena Blast" | 1.2 Search vendor "Nerf Arena Blast" for product "Nerf Arena Blast" and version "1.2" | - |
Affected
| ||||||
| Rage Software Search vendor "Rage Software" | Mobile Forces Search vendor "Rage Software" for product "Mobile Forces" | 20000.0 Search vendor "Rage Software" for product "Mobile Forces" and version "20000.0" | - |
Affected
| ||||||
| Robert Jordan Search vendor "Robert Jordan" | Wheel Of Time Search vendor "Robert Jordan" for product "Wheel Of Time" | 333.0b Search vendor "Robert Jordan" for product "Wheel Of Time" and version "333.0b" | - |
Affected
| ||||||
| Running With Scissors Search vendor "Running With Scissors" | Postal 2 Search vendor "Running With Scissors" for product "Postal 2" | 1337 Search vendor "Running With Scissors" for product "Postal 2" and version "1337" | - |
Affected
| ||||||
| Gentoo Search vendor "Gentoo" | Linux Search vendor "Gentoo" for product "Linux" | 1.4 Search vendor "Gentoo" for product "Linux" and version "1.4" | - |
Affected
| ||||||