|
|
Activision : Security Vulnerabilities
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-20893 |
120 |
|
Exec Code Overflow |
2020-06-30 |
2020-07-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine. |
|
2 |
CVE-2018-20817 |
119 |
|
Exec Code Overflow |
2019-04-19 |
2019-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2. |
|
3 |
CVE-2018-10718 |
787 |
|
Exec Code Overflow |
2018-05-03 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. |
|
4 |
CVE-2012-4918 |
20 |
|
+Info |
2013-01-22 |
2017-08-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. |
|
5 |
CVE-2008-2106 |
20 |
|
DoS |
2008-05-07 |
2018-10-11 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. |
|
6 |
CVE-2006-5058 |
|
|
Exec Code Overflow |
2006-09-28 |
2017-07-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. |
|
7 |
CVE-2005-0983 |
|
|
DoS |
2005-05-02 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. |
|
8 |
CVE-2004-1664 |
|
|
DoS Overflow |
2004-09-05 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430. |
Total number of vulnerabilities : 8
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
