CVE-2019-20893 - OpenCVE

An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Activision	Call Of Duty Modern Warfare 2

Configuration 1 [-]

cpe:2.3:a:activision:call_of_duty_modern_warfare_2:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/BlastsMods/JoinPartyRCE	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-30T11:35:22

Updated: 2020-06-30T11:35:22

Reserved: 2020-06-30T00:00:00

Link: CVE-2019-20893

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-30T12:15:11.353

Modified: 2020-07-09T13:31:10.247

Link: CVE-2019-20893

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:activision:call_of_duty_modern_warfare_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD63F79C-2372-47CC-A075-D83D23DE24D7", "versionEndIncluding": "2019-12-11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Activision Infinity Ward Call of Duty Modern Warfare 2 versiones hasta 11-12-2019. La funci\u00f3n PartyHost_HandleJoinPartyRequest presenta una vulnerabilidad de desbordamiento del b\u00fafer y puede ser explotada mediante el uso de un paquete joinParty dise\u00f1ado. Esto puede ser usado para conducir una ejecuci\u00f3n de c\u00f3digo arbitraria en la m\u00e1quina de una v\u00edctima"}], "id": "CVE-2019-20893", "lastModified": "2020-07-09T13:31:10.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-30T12:15:11.353", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/BlastsMods/JoinPartyRCE"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}