Remote Code Execution Vulnerability in Unreal Engine Products
CVE-2004-0608

Currently unrated

Key Information:

Vendor

Epic Games

Status
Unreal Engine
Unreal Tournament 2003
Postal 2
Mobile Forces
Vendor
CVE Published:
6 December 2004

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 64%

What is CVE-2004-0608?

A vulnerability in the Unreal Engine allows remote code execution, enabling attackers to send specially crafted UDP packets containing a secure query with an excessively long value. This can lead to the overwriting of memory within the affected applications, posing significant security risks. Affected products include multiple games and applications that utilize the Unreal Engine, making it essential for users to apply available patches to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2004-0608
Created by Rapid7

References

http://www.securityfocus.com/bid/10570
vdb-entryx_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml
vendor-advisoryx_refsource_GENTOO
http://marc.info/?l=bugtraq&m=108787105023304&w=2
mailing-listx_refsource_BUGTRAQ

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2004-0608 : Remote Code Execution Vulnerability in Unreal Engine Products