Vulnerability Description
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arush | Devastation | 390.0 |
| Dreamforge | Tnn Outdoors Pro Hunter | All versions |
| Epic Games | Unreal Engine | 226f |
| Epic Games | Unreal Tournament | 451b |
| Epic Games | Unreal Tournament 2003 | 2199_linux |
| Epic Games | Unreal Tournament 2004 | macos |
| Infogrames | Tacticalops | 3.4 |
| Infogrames | X-Com Enforcer | All versions |
| Ion Storm | Deusex | 1.112_fm |
| Nerf Arena Blast | Nerf Arena Blast | 1.2 |
| Rage Software | Mobile Forces | 20000.0 |
| Robert Jordan | Wheel Of Time | 333.0b |
| Running With Scissors | Postal 2 | 1337 |
| Gentoo | Linux | 1.4 |
References
- http://aluigi.altervista.org/adv/unsecure-adv.txtVendor Advisory
- http://marc.info/?l=bugtraq&m=108787105023304&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200407-14.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/10570ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16451
- http://aluigi.altervista.org/adv/unsecure-adv.txtVendor Advisory
- http://marc.info/?l=bugtraq&m=108787105023304&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200407-14.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/10570ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16451
FAQ
What is CVE-2004-0608?
CVE-2004-0608 is a vulnerability with a CVSS score of 10.0 (HIGH). The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlie...
How severe is CVE-2004-0608?
CVE-2004-0608 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0608?
Check the references section above for vendor advisories and patch information. Affected products include: Arush Devastation, Dreamforge Tnn Outdoors Pro Hunter, Epic Games Unreal Engine, Epic Games Unreal Tournament, Epic Games Unreal Tournament 2003.