Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0608

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0608
Last Modified 05 Sep 2008 04:38:53
Published 06 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0608

Summary

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

Application

  • Arush Devastation 390.0

  • Dreamforge Tnn Outdoors Pro Hunter

  • Epic Games Unreal Engine 226f

  • Epic Games Unreal Engine 433

  • Epic Games Unreal Engine 436

  • Epic Games Unreal Tournament 2003 2199 Linux

  • Epic Games Unreal Tournament 2003 2199 Macos

  • Epic Games Unreal Tournament 2003 2199 Win32

  • Epic Games Unreal Tournament 2003 2225 Macos

  • Epic Games Unreal Tournament 2003 2225 Win32

  • Epic Games Unreal Tournament 2004 Macos

  • Epic Games Unreal Tournament 2004 Win32

  • Epic Games Unreal Tournament 451b

  • Infogrames Tacticalops 3.4

  • Infogrames X-com Enforcer

  • Ion Storm Deusex 1.112 Fm

  • Nerf Arena Blast 1.2

  • Rage Software Mobile Forces 20000.0

  • Robert Jordan Wheel Of Time 333.0b

  • Running With Scissors Postal 2 1337


References

XF - unreal-secure-query-command-execute(16451)

GENTOO - GLSA-200407-14

BID - 10570

MISC - http://aluigi.altervista.org/adv/unsecure-adv.txt

BUGTRAQ - 20040618 Code execution in the Unreal Engine through \secure\ packet


Last Updated: 27 May 2016 10:38:40