This document is based on Battlefield 1942's query responses, but this vulnerability exists in many games. As a basic rule of thumb, if it supports gamespy, it will likely be vulnerable.
The following games are vulnerable to the same type of attack, & most use the same general query commands (excluding Quake, Quake 2, Return to Castle Wolfenstein, & a couple others). The other query commands can be found in the source of a free program called "Server Query" (https://www.ServerQuery.com). The general rule of thumb is: If its supported by GameSpy & Server Query, its vulnerable.
Vendor status:
Electronic Arts was notified on November 20, 2002. No response currently.
No fix currently, but a fix is planned from GameSpy.