Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-0608

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

Published

2004-12-06T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	arush	devastation	390.0	Yes
Application	dreamforge	tnn_outdoors_pro_hunter	*	Yes
Application	epic_games	unreal_engine	226f	Yes
Application	epic_games	unreal_engine	433	Yes
Application	epic_games	unreal_engine	436	Yes
Application	epic_games	unreal_tournament	451b	Yes
Application	epic_games	unreal_tournament_2003	2199_linux	Yes
Application	epic_games	unreal_tournament_2003	2199_macos	Yes
Application	epic_games	unreal_tournament_2003	2199_win32	Yes
Application	epic_games	unreal_tournament_2003	2225_macos	Yes
Application	epic_games	unreal_tournament_2003	2225_win32	Yes
Application	epic_games	unreal_tournament_2004	macos	Yes
Application	epic_games	unreal_tournament_2004	win32	Yes
Application	infogrames	tacticalops	3.4	Yes
Application	infogrames	x-com_enforcer	*	Yes
Application	ion_storm	deusex	1.112_fm	Yes
Application	nerf_arena_blast	nerf_arena_blast	1.2	Yes
Application	rage_software	mobile_forces	20000.0	Yes
Application	robert_jordan	wheel_of_time	333.0b	Yes
Application	running_with_scissors	postal_2	1337	Yes
Operating System	gentoo	linux	1.4	Yes

References

http://aluigi.altervista.org/adv/unsecure-adv.txt Vendor Advisory ([email protected])
http://marc.info/?l=bugtraq&m=108787105023304&w=2 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/10570 Exploit, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 ([email protected])
http://aluigi.altervista.org/adv/unsecure-adv.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=108787105023304&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/10570 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 (af854a3a-2127-422b-91ae-364da2661108)