xine 1.x alpha, 1.x beta, and 1.0rc up to and including 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote malicious users to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xine xine-lib 1_rc3a |
||
xine xine-lib 1_rc3b |
||
xine xine 1_beta10 |
||
xine xine 1_beta11 |
||
xine xine 1_beta7 |
||
xine xine 1_beta8 |
||
xine xine 1_rc3b |
||
xine xine-lib 1_rc2 |
||
xine xine 0.9.13 |
||
xine xine 0.9.8 |
||
xine xine 1_beta1 |
||
xine xine 1_beta5 |
||
xine xine 1_beta6 |
||
xine xine 1_rc3 |
||
xine xine 1_rc3a |
||
xine xine-lib 1_rc3c |
||
xine xine-ui 0.9.21 |
||
xine xine 1_beta12 |
||
xine xine 1_beta2 |
||
xine xine 1_beta9 |
||
xine xine 1_rc0a |
||
xine xine-ui 0.9.22 |
||
xine xine-ui 0.9.23 |
||
xine xine 1_beta3 |
||
xine xine 1_beta4 |
||
xine xine 1_rc1 |
||
xine xine 1_rc2 |