CVE-2004-0735 - Remote Buffer Overflow vulnerability in Medal Of Honor Allied Assault

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, electronic-arts, nessus, exploit available, metasploit

Summary

Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.

Exploit-Db

  • description: Medal of Honor Remote Buffer Overflow Vulnerability. CVE-2004-0735. DoS exploit for Windows platform
    id: EDB-ID:357
    last seen: 2016-01-31
    modified: 2004-07-20
    published: 2004-07-20
    reporter: Luigi Auriemma
    source: https://www.exploit-db.com/download/357/
    title: Medal of Honor Remote Buffer Overflow Vulnerability
  • description: Medal Of Honor Allied Assault getinfo Stack Buffer Overflow. CVE-2004-0735. Remote exploit for Windows platform
    id: EDB-ID:16695
    last seen: 2016-02-02
    modified: 2010-05-09
    published: 2010-05-09
    reporter: metasploit
    source: https://www.exploit-db.com/download/16695/
    title: Medal Of Honor Allied Assault getinfo Stack Buffer Overflow
  • description: Medal of Honor Spearhead Server Remote Buffer Overflow (Linux). CVE-2004-0735. Remote exploit for Linux platform
    id: EDB-ID:826
    last seen: 2016-01-31
    modified: 2005-02-18
    published: 2005-02-18
    reporter: millhouse
    source: https://www.exploit-db.com/download/826/
    title: Medal of Honor Spearhead Server Remote Buffer Overflow Linux

Metasploit

  • description: This module exploits a stack-based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
    id: MSF:EXPLOIT/WINDOWS/GAMES/MOHAA_GETINFO
    last seen: 2020-03-11
    modified: 2017-07-24
    published: 2008-10-07
    references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0735
    reporter: Rapid7
    source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/games/mohaa_getinfo.rb
    title: Medal of Honor Allied Assault getinfo Stack Buffer Overflow

Nessus

  • NASL family: Gain a shell remotely
    NASL id: MEDALOFHONOR_BOF.NASL
    description: The remote host was running the Medal of Honor game server. The version installed on the remote host is vulnerable to a remote attack that allows for arbitrary code execution. Note that Nessus has disabled this service in testing for this flaw.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14243
    published: 2004-08-10
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14243
    title: Medal of Honor Multiple Remote Overflows

Packetstorm

  • data source: https://packetstormsecurity.com/files/download/82984/mohaa_getinfo.rb.txt
    id: PACKETSTORM:82984
    last seen: 2016-12-05
    published: 2009-11-26
    reporter: Jacopo Cervini
    source: https://packetstormsecurity.com/files/82984/Medal-Of-Honor-Allied-Assault-getinfo-Stack-Overflow.html
    title: Medal Of Honor Allied Assault getinfo Stack Overflow