CVE-2004-0608
Unreal Engine - RCE
Title source: llmDescription
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16693
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16848
exploitdb
WORKING POC
VERIFIED
by onetwo · rubyremotelinux
https://www.exploit-db.com/exploits/10032
metasploit
WORKING POC
GOOD
by stinko · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/games/ut2004_secure.rb
metasploit
WORKING POC
GOOD
by onetwo · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/games/ut2004_secure.rb
References (5)
Scores
EPSS
0.6442
EPSS Percentile
98.5%
Details
Status
published
Products (21)
arush/devastation
390.0
dreamforge/tnn_outdoors_pro_hunter
epic_games/unreal_engine
226f
epic_games/unreal_engine
433
epic_games/unreal_engine
436
epic_games/unreal_tournament
451b
epic_games/unreal_tournament_2003
2199_linux
epic_games/unreal_tournament_2003
2199_macos
epic_games/unreal_tournament_2003
2199_win32
epic_games/unreal_tournament_2003
2225_macos
... and 11 more
Published
Dec 06, 2004
Tracked Since
Feb 18, 2026