CVE-2004-0290

Purge Jihad <= 2.0.1 - Remote Code Execution via Large Battle Type or Map Name Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0290. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The writeup describes a buffer overflow vulnerability in Freeform Interactive Purge and Purge Jihad game clients, exploitable by a malicious server during connection negotiation. The issue can lead to arbitrary code execution with the privileges of the user running the game client.

Description

Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textremotemultiple
https://www.exploit-db.com/exploits/23707

The writeup describes a buffer overflow vulnerability in Freeform Interactive Purge and Purge Jihad game clients, exploitable by a malicious server during connection negotiation. The issue can lead to arbitrary code execution with the privileges of the user running the game client.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Freeform Interactive Purge and Purge Jihad game clients
No auth needed
Prerequisites: A malicious game server · Network access to the target client
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9671
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15216
Various Sources x_refsource_confirm
http://purge.worthplaying.com/phpbb/viewtopic.php?t=1167
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107695064204362&w=2

Scores

EPSS 0.0615
EPSS Percentile 92.5%

Details

Status published
Products (2)
freeform_interactive/purge 1.4.7
freeform_interactive/purge_jihad 2.0.1
Published Nov 23, 2004
Tracked Since Feb 18, 2026