CVE-2004-0608 : Detail

CVE-2004-0608

64.42%V4
Network
2004-06-30
02h00 +00:00
2017-07-10
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 16848

Publication date : 2010-09-19 22h00 +00:00
Author : Metasploit
EDB Verified : Yes

Exploit Database EDB-ID : 10032

Publication date : 2004-07-17 22h00 +00:00
Author : onetwo
EDB Verified : Yes

Exploit Database EDB-ID : 16693

Publication date : 2010-09-19 22h00 +00:00
Author : Metasploit
EDB Verified : Yes

Products Mentioned

Configuraton 0

Arush>>Devastation >> Version 390.0

Dreamforge>>Tnn_outdoors_pro_hunter >> Version *

Epic_games>>Unreal_engine >> Version 226f

Epic_games>>Unreal_engine >> Version 433

Epic_games>>Unreal_engine >> Version 436

Epic_games>>Unreal_tournament >> Version 451b

Epic_games>>Unreal_tournament_2003 >> Version 2199_linux

Epic_games>>Unreal_tournament_2003 >> Version 2199_macos

Epic_games>>Unreal_tournament_2003 >> Version 2199_win32

Epic_games>>Unreal_tournament_2003 >> Version 2225_macos

Epic_games>>Unreal_tournament_2003 >> Version 2225_win32

Epic_games>>Unreal_tournament_2004 >> Version macos

Epic_games>>Unreal_tournament_2004 >> Version win32

Infogrames>>Tacticalops >> Version 3.4

Infogrames>>X-com_enforcer >> Version *

Ion_storm>>Deusex >> Version 1.112_fm

Nerf_arena_blast>>Nerf_arena_blast >> Version 1.2

Rage_software>>Mobile_forces >> Version 20000.0

Robert_jordan>>Wheel_of_time >> Version 333.0b

Running_with_scissors>>Postal_2 >> Version 1337

Configuraton 0

Gentoo>>Linux >> Version 1.4

References

http://www.securityfocus.com/bid/10570
Tags : vdb-entry, x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=108787105023304&w=2
Tags : mailing-list, x_refsource_BUGTRAQ
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.