CVE-2010-2627

Battlefield 2 < 2.1.50 and Battlefield 2142 < 1.10.48.0 - Path Traversal via Logo and Map Download URLs


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2627. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in the Refractor 2 engine used by Battlefield 2 and Battlefield 2142. A malicious server can force clients to download and save executable files to arbitrary locations, such as the Startup folder, leading to remote code execution upon the next system reboot.

Description

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Luigi Auriemma · text · remote · windows
https://www.exploit-db.com/exploits/14267


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Battlefield 2 <= 1.50, Battlefield 2142 <= 1.50, and other Refractor 2 engine-based games
No auth needed
Prerequisites: Control over a game server · Client connection to the malicious server
devstral-2 · analyzed Feb 16, 2026

References (4)

Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40334
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/65863
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41262
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/bf2urlz-adv.txt

Scores

EPSS 0.0366
EPSS Percentile 88.2%

Details

CWE CWE-22
Status published
Products (2)
ea/battlefield_2 < 2.1.50
ea/battlefield_2142 < 1.10.48.0
Published Jul 02, 2010
Tracked Since Feb 18, 2026