xine 1.x alpha, 1.x beta, and 1.0rc up to and including 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote malicious users to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xine xine 1 beta9 |
||
xine xine 1 beta3 |
||
xine xine 1 rc0a |
||
xine xine-lib 1 rc3b |
||
xine xine 1 beta4 |
||
xine xine 1 rc3b |
||
xine xine 1 beta2 |
||
xine xine 0.9.8 |
||
xine xine 1 rc3a |
||
xine xine-ui 0.9.21 |
||
xine xine 1 rc2 |
||
xine xine-lib 1 rc3c |
||
xine xine 1 beta10 |
||
xine xine 1 beta12 |
||
xine xine-ui 0.9.23 |
||
xine xine 1 beta11 |
||
xine xine 1 beta7 |
||
xine xine 1 beta8 |
||
xine xine 0.9.13 |
||
xine xine 1 rc1 |
||
xine xine-lib 1 rc2 |
||
xine xine 1 beta6 |
||
xine xine 1 beta1 |
||
xine xine 1 rc3 |
||
xine xine-lib 1 rc3a |
||
xine xine-ui 0.9.22 |
||
xine xine 1 beta5 |