Vulnerability Name:

CVE-2004-0608 (CCN-16451)

Assigned:2004-06-18
Published:2004-06-18
Updated:2017-07-11
Summary:The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MISC
Type: Vendor Advisory
http://aluigi.altervista.org/adv/unsecure-adv.txt

Source: CCN
Type: Full-Disclosure Mailing List, Fri Jun 18 2004 - 15:05:32 CDT
Code execution in the Unreal Engine through \secure\ packet

Source: CCN
Type: Full-Dislcosure Mailing List, Wed Jun 23 2004 - 13:09:25 CDT
Solution for bugtraq id 10570 (Epic Games Unreal Engine Memory Corruption Vulnerability)

Source: MITRE
Type: CNA
CVE-2004-0608

Source: BUGTRAQ
Type: UNKNOWN
20040618 Code execution in the Unreal Engine through \secure\ packet

Source: CCN
Type: GLSA-200407-14
Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200407-14

Source: CCN
Type: OSVDB ID: 7217
Unreal Engine Secure Query Remote Overflow

Source: BID
Type: Exploit, Vendor Advisory
10570

Source: CCN
Type: BID-10570
Epic Games Unreal Engine Memory Corruption Vulnerability

Source: CCN
Type: Unreal Tournament 2004 Downloads Web site
Unreal Tournament 2004

Source: XF
Type: UNKNOWN
unreal-secure-query-command-execute(16451)

Source: XF
Type: UNKNOWN
unreal-secure-query-command-execute(16451)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:arush:devastation:390.0:*:*:*:*:*:*:*
  • OR cpe:/a:dreamforge:tnn_outdoors_pro_hunter:*:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_engine:433:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_engine:436:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament:451b:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2003:2199_macos:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2003:2225_macos:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2003:2225_win32:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2004:macos:*:*:*:*:*:*:*
  • OR cpe:/a:epic_games:unreal_tournament_2004:win32:*:*:*:*:*:*:*
  • OR cpe:/a:infogrames:tacticalops:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:infogrames:x-com_enforcer:*:*:*:*:*:*:*:*
  • OR cpe:/a:ion_storm:deusex:1.112_fm:*:*:*:*:*:*:*
  • OR cpe:/a:nerf_arena_blast:nerf_arena_blast:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rage_software:mobile_forces:20000.0:*:*:*:*:*:*:*
  • OR cpe:/a:robert_jordan:wheel_of_time:333.0b:*:*:*:*:*:*:*
  • OR cpe:/a:running_with_scissors:postal_2:1337:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    arush devastation 390.0
    dreamforge tnn outdoors pro hunter *
    epic_games unreal engine 226f
    epic_games unreal engine 433
    epic_games unreal engine 436
    epic_games unreal tournament 451b
    epic_games unreal tournament 2003 2199_linux
    epic_games unreal tournament 2003 2199_macos
    epic_games unreal tournament 2003 2199_win32
    epic_games unreal tournament 2003 2225_macos
    epic_games unreal tournament 2003 2225_win32
    epic_games unreal tournament 2004 macos
    epic_games unreal tournament 2004 win32
    infogrames tacticalops 3.4
    infogrames x-com enforcer *
    ion_storm deusex 1.112_fm
    nerf_arena_blast nerf arena blast 1.2
    rage_software mobile forces 20000.0
    robert_jordan wheel of time 333.0b
    running_with_scissors postal 2 1337
    gentoo linux 1.4