The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
CVE-2004-0608 is a security vulnerability that . Impacting 14 products from arush, from dreamforge, from epic_games and 11 others, organizations running these solutions should prioritize assessment and patching.
Originally identified in 2004, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.
2004-12-06T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | arush | devastation | 390.0 | Yes |
| Application | dreamforge | tnn_outdoors_pro_hunter | * | Yes |
| Application | epic_games | unreal_engine | 226f | Yes |
| Application | epic_games | unreal_engine | 433 | Yes |
| Application | epic_games | unreal_engine | 436 | Yes |
| Application | epic_games | unreal_tournament | 451b | Yes |
| Application | epic_games | unreal_tournament_2003 | 2199_linux | Yes |
| Application | epic_games | unreal_tournament_2003 | 2199_macos | Yes |
| Application | epic_games | unreal_tournament_2003 | 2199_win32 | Yes |
| Application | epic_games | unreal_tournament_2003 | 2225_macos | Yes |
| Application | epic_games | unreal_tournament_2003 | 2225_win32 | Yes |
| Application | epic_games | unreal_tournament_2004 | macos | Yes |
| Application | epic_games | unreal_tournament_2004 | win32 | Yes |
| Application | infogrames | tacticalops | 3.4 | Yes |
| Application | infogrames | x-com_enforcer | * | Yes |
| Application | ion_storm | deusex | 1.112_fm | Yes |
| Application | nerf_arena_blast | nerf_arena_blast | 1.2 | Yes |
| Application | rage_software | mobile_forces | 20000.0 | Yes |
| Application | robert_jordan | wheel_of_time | 333.0b | Yes |
| Application | running_with_scissors | postal_2 | 1337 | Yes |
| Operating System | gentoo | linux | 1.4 | Yes |
SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For arush's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.