PT-2010-4156 · Ea · Battlefield 2+1

Published: 2010-07-02 · Updated: 2010-07-06 · CVE-2010-2627

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Battlefield 2 versions 1.50 (1.5.3153-802.0) and earlier
Battlefield 2142 versions 1.10.48.0 and earlier

Description

The issue allows remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the sponsor or community logos, and other URLs related to DemoDownloadURL, DemoIndexURL, and CustomMapsURL.

Recommendations

For Battlefield 2 versions 1.50 (1.5.3153-802.0) and earlier, consider restricting access to the sponsor and community logos URLs to minimize the risk of exploitation. For Battlefield 2142 versions 1.10.48.0 and earlier, avoid using the DemoDownloadURL, DemoIndexURL, and CustomMapsURL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2010-2627

Affected Products

Battlefield 2
Battlefield 2142