MidnightBSD

Advisories for activision

CVE-2004-1664 MEDIUM

Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
activision call_of_duty 1.4
activision call_of_duty_united_offensive 1.41
CVE-2005-0983 MEDIUM

Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
id_software quake_3_arena 1.31
activision call_of_duty 1.5b
id_software quake_3_arena 1.16
id_software quake_3_arena_server 1.29f
raven_software soldier_of_fortune_2 1.0.2
activision call_of_duty_united_offensive 1.41
raven_software soldier_of_fortune_2 1.0.3
id_software quake_3_arena 1.1.7
id_software quake_3_arena_server 1.29g
lucasarts star_wars_jedi_knight_ii_jedi_outcast 1.0.4
id_software wolfenstein_enemy_territory 2.56
activision return_to_castle_wolfenstein 1.0
activision call_of_duty 1.4
activision call_of_duty_united_offensive 1.51b
id_software wolfenstein_enemy_territory 1.0.2
activision return_to_castle_wolfenstein 1.1
lucasarts star_wars_jedi_knight_jedi_academy 1.0.11
id_software quake_3_engine *
CVE-2018-10718 HIGH

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
activision call_of_duty_modern_warfare_2 *
CVE-2018-20817 HIGH

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
activision call_of_duty:_advanced_warfare -
activision call_of_duty:_blacks_ops_2 -
activision call_of_duty:_ghosts -
activision call_of_duty:_black_ops_1 -
activision call_of_duty:_modern_warfare_2 -
activision call_of_duty:_modern_warfare_3 -
CVE-2019-20893 HIGH

An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
activision call_of_duty_modern_warfare_2 *