CVE-2004-1220

Battlefield 1942 and Vietnam - Denial of Service via Large numplayers Server Reply

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1220. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and information disclosure vulnerability in BFCommand & Control (BFCC) and BFVCC servers. It allows anonymous access to user accounts and passwords via crafted network requests.

Description

Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cremotewindows

https://www.exploit-db.com/exploits/1183

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and information disclosure vulnerability in BFCommand & Control (BFCC) and BFVCC servers. It allows anonymous access to user accounts and passwords via crafted network requests.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: BFCommand & Control (BFCC) <= 1.22_A, BFVCC <= 2.14_B

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cdoswindows

https://www.exploit-db.com/exploits/679

View Code ZIP pw:eip

This exploit targets a denial-of-service (DoS) vulnerability in Battlefield 1942 and Vietnam by sending a malformed UDP packet with an excessively large player count value (2147483647). The exploit binds to a specified port and responds to incoming client queries with the crafted payload, causing the game server to crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Battlefield 1942 <= 1.6.19 and Battlefield Vietnam <= 1.2

No auth needed

Prerequisites: Network access to the target game server · UDP port accessibility (default 23000 or 22000)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110244662102167&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18402

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11838

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18400

Scores

EPSS 0.0326

EPSS Percentile 86.8%

Details

Status published

Products (2)

digital_illusions/battlefield_1942 1.6.19

digital_illusions/battlefield_vietnam 1.2

Published Jan 10, 2005

Tracked Since Feb 18, 2026