CVE-2004-0608

Unreal Engine - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2004-0608. PoCs published by Metasploit, onetwo, stinko, including Metasploit module exploits/windows/games/ut2004_secure.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature via a maliciously crafted UDP packet. It targets a specific return address to achieve remote code execution.

Description

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16693

This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature via a maliciously crafted UDP packet. It targets a specific return address to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unreal Tournament 2004 Build 3186
No auth needed
Prerequisites: Network access to the target's UDP port 7787 · Target running a vulnerable version of Unreal Tournament 2004
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16848

This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature via a crafted UDP packet. It targets specific Linux builds (3120, 3186) and delivers a payload for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unreal Tournament 2004 (Linux Builds 3120, 3186)
No auth needed
Prerequisites: Network access to UDP port 7787 · Target running vulnerable UT2004 build
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by onetwo · rubyremotelinux
https://www.exploit-db.com/exploits/10032

This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature via a single UDP packet. It targets specific Linux builds (3120, 3186) and includes a check function to verify vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unreal Tournament 2004 Linux Builds 3120, 3186
No auth needed
Prerequisites: Network access to UDP port 7787 · Target running vulnerable Unreal Tournament 2004 build
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by stinko · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/games/ut2004_secure.rb

This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature via a crafted UDP packet. It targets specific builds and achieves remote code execution by overwriting the EIP with a JMP ESP instruction.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Unreal Tournament 2004 Build 3186
No auth needed
Prerequisites: Network access to the target's UDP port 7787 · Target running a vulnerable version of Unreal Tournament 2004
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by onetwo · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/games/ut2004_secure.rb

This is a Metasploit module exploiting a buffer overflow in Unreal Tournament 2004's GameSpy secure query feature on Linux. It sends a maliciously crafted UDP packet to trigger remote code execution by overwriting the return address and injecting shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unreal Tournament 2004 Linux Build 3120/3186
No auth needed
Prerequisites: Network access to the target's UDP port 7787 · Target running vulnerable UT2004 Linux build
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10570
Patch, Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108787105023304&w=2
Vendor Advisory x_refsource_misc
http://aluigi.altervista.org/adv/unsecure-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16451

Scores

EPSS 0.7414
EPSS Percentile 99.4%

Details

Status published
Products (21)
arush/devastation 390.0
dreamforge/tnn_outdoors_pro_hunter
epic_games/unreal_engine 226f
epic_games/unreal_engine 433
epic_games/unreal_engine 436
epic_games/unreal_tournament 451b
epic_games/unreal_tournament_2003 2199_linux
epic_games/unreal_tournament_2003 2199_macos
epic_games/unreal_tournament_2003 2199_win32
epic_games/unreal_tournament_2003 2225_macos
... and 11 more
Published Dec 06, 2004
Tracked Since Feb 18, 2026