Vulnerability Description
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ea | Battlefield 2 | <= 2.1.50 |
| Ea | Battlefield 2142 | <= 1.10.48.0 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/bf2urlz-adv.txt
- http://osvdb.org/65863Exploit
- http://secunia.com/advisories/40334Vendor Advisory
- http://www.securityfocus.com/bid/41262
- http://aluigi.altervista.org/adv/bf2urlz-adv.txt
- http://osvdb.org/65863Exploit
- http://secunia.com/advisories/40334Vendor Advisory
- http://www.securityfocus.com/bid/41262
FAQ
What is CVE-2010-2627?
CVE-2010-2627 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers t...
How severe is CVE-2010-2627?
CVE-2010-2627 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2627?
Check the references section above for vendor advisories and patch information. Affected products include: Ea Battlefield 2, Ea Battlefield 2142.