Unrated severityNVD Advisory· Published Jul 2, 2010· Updated Apr 29, 2026

CVE-2010-2627

Description

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Affected products

Ea/Battlefield 2
cpe:2.3:a:ea:battlefield_2:*:*:*:*:*:*:*:*
Range: <=2.1.50
Ea/Battlefield 2142
cpe:2.3:a:ea:battlefield_2142:*:*:*:*:*:*:*:*
Range: <=1.10.48.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/65863nvdExploit
secunia.com/advisories/40334nvdVendor Advisory
aluigi.altervista.org/adv/bf2urlz-adv.txtnvd
www.securityfocus.com/bid/41262nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000