Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

xine 1.x alpha, 1.x beta, and 1.0rc up to and including 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote malicious users to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xine xine-lib 1_rc3a
xine xine-lib 1_rc3b
xine xine 1_beta10
xine xine 1_beta11
xine xine 1_beta7
xine xine 1_beta8
xine xine 1_rc3b
xine xine-lib 1_rc2
xine xine 0.9.13
xine xine 0.9.8
xine xine 1_beta1
xine xine 1_beta5
xine xine 1_beta6
xine xine 1_rc3
xine xine 1_rc3a
xine xine-lib 1_rc3c
xine xine-ui 0.9.21
xine xine 1_beta12
xine xine 1_beta2
xine xine 1_beta9
xine xine 1_rc0a
xine xine-ui 0.9.22
xine xine-ui 0.9.23
xine xine 1_beta3
xine xine 1_beta4
xine xine 1_rc1
xine xine 1_rc2

source: wwwsecurityfocuscom/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities This is due to a design error that allows various media resource file configurations to write to arbitrary files It is possible to set these configuration p ...

NVD-CWE-Other http://www.xinehq.de/index.php/security/XSA-2004-1 http://www.xinehq.de/index.php/security/XSA-2004-2 http://security.gentoo.org/glsa/glsa-200404-20.xml http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 http://www.securityfocus.com/bid/10193 http://secunia.com/advisories/11433 http://www.osvdb.org/5594 http://www.osvdb.org/5739 https://exchange.xforce.ibmcloud.com/vulnerabilities/15939 https://nvd.nist.gov https://www.exploit-db.com/exploits/24038/

CVE-2004-1951

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect