The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok prior to 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
amarok amarok 1.4.9.1 |