CVE-2010-2627

Published Jul 2, 2010

Last updated 14 years ago

Overview

Description: Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ea:battlefield_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC0C0EB8-F09A-40F1-A28C-4F0A0C2280B2",
            "versionEndIncluding": "2.1.50"
          },
          {
            "criteria": "cpe:2.3:a:ea:battlefield_2142:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2EDD754-9895-4D94-B657-64AFA165CD6A",
            "versionEndIncluding": "1.10.48.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References