Description
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Product(s):
- Xine Xine-lib 1_rc2
- Xine Xine-lib 1_rc3a
- Xine Xine-lib 1_rc3b
- Xine Xine-lib 1_rc3c
- Xine Xine-UI 0.9.21
- Xine Xine-UI 0.9.22
- Xine Xine-UI 0.9.23
- Xine Xine 0.9.13
- Xine 0.9.8
- Xine Xine 1 Beta 10
- Xine Xine 1 Beta 11
- Xine Xine 1 Beta 12
- Xine Xine 1 Beta 1
- Xine 1 Beta 2
- Xine 1 Beta 3
- Xine 1 Beta 4
- Xine 1 Beta 5
- Xine 1 Beta 6
- Xine Xine 1 Beta 7
- Xine Xine 1 Beta 8
- Xine Xine 1 Beta 9
- Xine Xine 1 RC0a
- Xine 1_rc1
- Xine 1_rc2
- Xine 1_rc3
- Xine 1_rc3a
- Xine 1_rc3b
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1951, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1951 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.