Description
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Luigi Auriemma · text · remote · windows
https://www.exploit-db.com/exploits/14267
References (4)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40334
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/65863
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41262
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/bf2urlz-adv.txt
Scores
EPSS
0.0091
EPSS Percentile
76.0%
Details
CWE
CWE-22
Status
published
Products (2)
ea/battlefield_2
< 2.1.50
ea/battlefield_2142
< 1.10.48.0
Published
Jul 02, 2010
Tracked Since
Feb 18, 2026