CVE-2004-0608

Exp

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

Published: 2004-12-06 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2004-0608 is rated High Exploit Risk (93.7/100): CVSS Critical severity, with high exploitation likelihood (EPSS 64.42%, 98th percentile). Core evidence: 4 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +4.24% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2004-0608

EDB-ID	Source	Kind	Published	Link
16693	exploit_db	edb	2010-09-20	Exploit-DB ↗
16848	exploit_db	edb	2010-09-20	Exploit-DB ↗
10032	exploit_db	edb	2004-07-18	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2004-0608

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-10-12	60.18%	64.42%	+4.24%
2	2025-03-30	65.75%	60.18%	-5.58%
3	2025-03-29	—	65.75%	—

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0608

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Weakness enumeration for CVE-2004-0608

Affected software / configurations for CVE-2004-0608

Vendor	Product	Version	Raw CPE
arush	devastation	390.0	cpe:2.3:a:arush:devastation:390.0:::::::*
dreamforge	tnn_outdoors_pro_hunter	—	cpe:2.3:a:dreamforge:tnn_outdoors_pro_hunter::::::::
epic_games	unreal_engine	226f	cpe:2.3:a:epic_games:unreal_engine:226f:::::::*
epic_games	unreal_engine	433	cpe:2.3:a:epic_games:unreal_engine:433:::::::*
epic_games	unreal_engine	436	cpe:2.3:a:epic_games:unreal_engine:436:::::::*
epic_games	unreal_tournament	451b	cpe:2.3:a:epic_games:unreal_tournament:451b:::::::*
epic_games	unreal_tournament_2003	2199_linux	cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:::::::*
epic_games	unreal_tournament_2003	2199_macos	cpe:2.3:a:epic_games:unreal_tournament_2003:2199_macos:::::::*
epic_games	unreal_tournament_2003	2199_win32	cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:::::::*
epic_games	unreal_tournament_2003	2225_macos	cpe:2.3:a:epic_games:unreal_tournament_2003:2225_macos:::::::*
epic_games	unreal_tournament_2003	2225_win32	cpe:2.3:a:epic_games:unreal_tournament_2003:2225_win32:::::::*
epic_games	unreal_tournament_2004	macos	cpe:2.3:a:epic_games:unreal_tournament_2004:macos:::::::*
epic_games	unreal_tournament_2004	win32	cpe:2.3:a:epic_games:unreal_tournament_2004:win32:::::::*
infogrames	tacticalops	3.4	cpe:2.3:a:infogrames:tacticalops:3.4:::::::*
infogrames	x-com_enforcer	—	cpe:2.3:a:infogrames:x-com_enforcer::::::::
ion_storm	deusex	1.112_fm	cpe:2.3:a:ion_storm:deusex:1.112_fm:::::::*
nerf_arena_blast	nerf_arena_blast	1.2	cpe:2.3:a:nerf_arena_blast:nerf_arena_blast:1.2:::::::*
rage_software	mobile_forces	20000.0	cpe:2.3:a:rage_software:mobile_forces:20000.0:::::::*
robert_jordan	wheel_of_time	333.0b	cpe:2.3:a:robert_jordan:wheel_of_time:333.0b:::::::*
running_with_scissors	postal_2	1337	cpe:2.3:a:running_with_scissors:postal_2:1337:::::::*
gentoo	linux	1.4	cpe:2.3:o:gentoo:linux:1.4:::::::*

References for CVE-2004-0608

URL	Tags
http://aluigi.altervista.org/adv/unsecure-adv.txt	Vendor Advisory
http://marc.info/?l=bugtraq&m=108787105023304&w=2
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml	Patch Vendor Advisory
http://www.securityfocus.com/bid/10570	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16451

cvelogic Threat Intelligence