Vulnerability Description
Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Electronic Arts | Need For Speed Hot Pursuit 2 | <= 242.0 |
References
- http://aluigi.altervista.org/adv/nfshp2cbof-adv.txtExploit
- http://marc.info/?l=bugtraq&m=107479094508691&w=2
- http://www.securityfocus.com/bid/9473Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14909
- http://aluigi.altervista.org/adv/nfshp2cbof-adv.txtExploit
- http://marc.info/?l=bugtraq&m=107479094508691&w=2
- http://www.securityfocus.com/bid/9473Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14909
FAQ
What is CVE-2004-2099?
CVE-2004-2099 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname...
How severe is CVE-2004-2099?
CVE-2004-2099 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2099?
Check the references section above for vendor advisories and patch information. Affected products include: Electronic Arts Need For Speed Hot Pursuit 2.