CVE-2008-2106
Activision Call OF Duty 4 < 1.5 - Improper Input Validation
Title source: ruleDescription
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/31728
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29026
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30050
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3858
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491564/100/0/threaded
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/cod4statz-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42163
Scores
EPSS
0.1189
EPSS Percentile
93.8%
Details
CWE
CWE-20
Status
published
Products (1)
activision/call_of_duty_4
< 1.5
Published
May 07, 2008
Tracked Since
Feb 18, 2026