Aggregates CVE and security vulnerability intelligence across all activision-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow, vendor risk input validation, and vendor risk memory corruption, with potential vendor impact application crash across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-20893 | An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine. | [email protected] | 9.8 | 0.85% | 2020-06-30 | 2024-11-21 |
| CVE-2018-20817 | SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2. | [email protected] | 9.8 | 3.06% | 2019-04-19 | 2024-11-21 |
| CVE-2018-10718 | Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. | [email protected] | 10.0 | 57.96% | 2018-05-03 | 2024-11-21 |
| CVE-2012-4918 | Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | [email protected] | 5.8 | 0.21% | 2013-01-22 | 2026-04-29 |
| CVE-2008-2106 | Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | [email protected] | 6.8 | 11.89% | 2008-05-07 | 2026-04-23 |
| CVE-2006-5058 | Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | [email protected] | 7.5 | 30.85% | 2006-09-28 | 2026-04-23 |
| CVE-2005-0983 | Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | [email protected] | 5.0 | 1.33% | 2005-05-02 | 2026-04-16 |
| CVE-2004-1664 | Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430. | [email protected] | 5.0 | 9.77% | 2004-09-05 | 2026-04-16 |