- Description
- Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ea:battlefield_2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC0C0EB8-F09A-40F1-A28C-4F0A0C2280B2",
"versionEndIncluding": "2.1.50"
},
{
"criteria": "cpe:2.3:a:ea:battlefield_2142:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2EDD754-9895-4D94-B657-64AFA165CD6A",
"versionEndIncluding": "1.10.48.0"
}
],
"operator": "OR"
}
]
}
]