CVE-2010-2627 Information

Description

Multiple directory traversal vulnerabilities in the Refractor 2 engine as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier and Battlefield 2142 (1.10.48.0) and earlier allow remote servers to overwrite arbitrary files on the client via ..\\ (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos and other URLs related to (3) DemoDownloadURL (4) DemoIndexURL and (5) CustomMapsURL.

Reference

http://aluigi.altervista.org/adv/bf2urlz-adv.txt http://aluigi.altervista.org/adv/bf2urlz-adv.txt http://osvdb.org/65863 http://secunia.com/advisories/40334 http://www.securityfocus.com/bid/41262