CVE-2010-2627

Published: Jul 2, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Affected (2)

Products: Ea: Battlefield 2, Battlefield 2142

2 products

Battlefield 2142

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ea Battlefield 2	Up to 2.1.50
Ea Battlefield 2142	Up to 1.10.48.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

http://aluigi.altervista.org/adv/bf2urlz-adv.txt

Source: cve@mitre.org

http://osvdb.org/65863

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/40334

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/41262

Source: cve@mitre.org

http://aluigi.altervista.org/adv/bf2urlz-adv.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/65863

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/40334

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/41262

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.