Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| activision | call_of_duty | 1.4 |
| activision | call_of_duty_united_offensive | 1.41 |
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| id_software | quake_3_arena | 1.31 |
| activision | call_of_duty | 1.5b |
| id_software | quake_3_arena | 1.16 |
| id_software | quake_3_arena_server | 1.29f |
| raven_software | soldier_of_fortune_2 | 1.0.2 |
| activision | call_of_duty_united_offensive | 1.41 |
| raven_software | soldier_of_fortune_2 | 1.0.3 |
| id_software | quake_3_arena | 1.1.7 |
| id_software | quake_3_arena_server | 1.29g |
| lucasarts | star_wars_jedi_knight_ii_jedi_outcast | 1.0.4 |
| id_software | wolfenstein_enemy_territory | 2.56 |
| activision | return_to_castle_wolfenstein | 1.0 |
| activision | call_of_duty | 1.4 |
| activision | call_of_duty_united_offensive | 1.51b |
| id_software | wolfenstein_enemy_territory | 1.0.2 |
| activision | return_to_castle_wolfenstein | 1.1 |
| lucasarts | star_wars_jedi_knight_jedi_academy | 1.0.11 |
| id_software | quake_3_engine | * |
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| activision | call_of_duty_modern_warfare_2 | * |
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| activision | call_of_duty:_advanced_warfare | - |
| activision | call_of_duty:_blacks_ops_2 | - |
| activision | call_of_duty:_ghosts | - |
| activision | call_of_duty:_black_ops_1 | - |
| activision | call_of_duty:_modern_warfare_2 | - |
| activision | call_of_duty:_modern_warfare_3 | - |
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| activision | call_of_duty_modern_warfare_2 | * |