CVE-2004-0735

Medal of Honor Allied Assault - Buffer Overflow via LAN Query and Connect Packet

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-0735. PoCs published by Metasploit, millhouse, Luigi Auriemma, including Metasploit module exploits/windows/games/mohaa_getinfo.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in Medal Of Honor Allied Assault's getinfo command via UDP. It constructs a malicious payload to achieve remote code execution by overwriting the return address and executing shellcode.

Description

Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16695

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Medal Of Honor Allied Assault's getinfo command via UDP. It constructs a malicious payload to achieve remote code execution by overwriting the return address and executing shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Medal Of Honor Allied Assault v1.0

No auth needed

Prerequisites: Network access to the target's UDP port 12203 · Target running Medal Of Honor Allied Assault v1.0

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by millhouse · cremotelinux

https://www.exploit-db.com/exploits/826

View Code ZIP pw:eip

This is a remote buffer overflow exploit for Medal of Honor Spearhead Dedicated Server (Linux) that leverages an alphanumeric shellcode to bypass character filtering and achieve remote code execution. It targets specific return addresses for different Linux distributions and spawns a bindshell on port 6000.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Medal of Honor Spearhead Dedicated Server 2.15 (Linux)

No auth needed

Prerequisites: Network access to the target server · Target server running vulnerable Medal of Honor Spearhead version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cdoswindows

https://www.exploit-db.com/exploits/357

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Medal of Honor game servers (AA <= 1.11v9, SH <= 2.15, BT <= 2.40b) via UDP port 12203. It includes payloads for both Windows and Linux targets, overwriting the return address with 0xdeadc0de to test for vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Medal of Honor (AA <= 1.11v9, SH <= 2.15, BT <= 2.40b)

No auth needed

Prerequisites: Network access to the target server · UDP port 12203 accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by Jacopo Cervini · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/games/mohaa_getinfo.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Medal of Honor Allied Assault via the 'getinfo' command over UDP. It constructs a malicious payload with NOP sleds, shellcode, and a return address to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Medal of Honor Allied Assault v1.0

No auth needed

Prerequisites: Network access to UDP port 12203 · Vulnerable version of Medal of Honor Allied Assault

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109008314631518&w=2

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10743

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16715

Scores

EPSS 0.6211

EPSS Percentile 99.1%

Details

Status published

Products (5)

electronic_arts/medal_of_honor_allied_assault 1.0

electronic_arts/medal_of_honor_allied_assault 1.1

electronic_arts/medal_of_honor_allied_assault 1.11_v9

electronic_arts/medal_of_honor_allied_assault breakthrough_2.40_b

electronic_arts/medal_of_honor_allied_assault spearhead_2.15

Published Jul 27, 2004

Tracked Since Feb 18, 2026