CVE-2004-1216

Kreed <= 1.05 - Denial of Service via Long Nickname or Model Type

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1216. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in Kreed <= 1.05, including a format string vulnerability in client nicknames, a DoS via oversized packets, and script dialog errors. The code includes functional exploit logic for these attacks, with network communication and payload construction.

Description

The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · cdoswindows
https://www.exploit-db.com/exploits/672

This exploit targets multiple vulnerabilities in Kreed <= 1.05, including a format string vulnerability in client nicknames, a DoS via oversized packets, and script dialog errors. The code includes functional exploit logic for these attacks, with network communication and payload construction.

Classification
Working Poc 95%
Attack Type
Dos | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Kreed <= 1.05
No auth needed
Prerequisites: Network access to the target server · Target running Kreed <= 1.05
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110201776207915&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11799
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18345

Scores

EPSS 0.0314
EPSS Percentile 86.2%

Details

Status published
Products (1)
burut/kreed 1.5
Published Jan 10, 2005
Tracked Since Feb 18, 2026