CVE-2004-1951

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/11433
http://security.gentoo.org/glsa/glsa-200404-20.xml	Patch
http://www.osvdb.org/5594
http://www.osvdb.org/5739
http://www.securityfocus.com/bid/10193	Exploit Patch
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791
http://www.xinehq.de/index.php/security/XSA-2004-1	Vendor Advisory
http://www.xinehq.de/index.php/security/XSA-2004-2	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15939
http://secunia.com/advisories/11433
http://security.gentoo.org/glsa/glsa-200404-20.xml	Patch
http://www.osvdb.org/5594
http://www.osvdb.org/5739
http://www.securityfocus.com/bid/10193	Exploit Patch
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791
http://www.xinehq.de/index.php/security/XSA-2004-1	Vendor Advisory
http://www.xinehq.de/index.php/security/XSA-2004-2	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15939

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xine:xine:0.9.8:::::::*
	cpe:2.3:a:xine:xine:0.9.13:::::::*
	cpe:2.3:a:xine:xine:1_beta1:::::::*
	cpe:2.3:a:xine:xine:1_beta2:::::::*
	cpe:2.3:a:xine:xine:1_beta3:::::::*
	cpe:2.3:a:xine:xine:1_beta4:::::::*
	cpe:2.3:a:xine:xine:1_beta5:::::::*
	cpe:2.3:a:xine:xine:1_beta6:::::::*
	cpe:2.3:a:xine:xine:1_beta7:::::::*
	cpe:2.3:a:xine:xine:1_beta8:::::::*
	cpe:2.3:a:xine:xine:1_beta9:::::::*
	cpe:2.3:a:xine:xine:1_beta10:::::::*
	cpe:2.3:a:xine:xine:1_beta11:::::::*
	cpe:2.3:a:xine:xine:1_beta12:::::::*
	cpe:2.3:a:xine:xine:1_rc0a:::::::*
	cpe:2.3:a:xine:xine:1_rc1:::::::*
	cpe:2.3:a:xine:xine:1_rc2:::::::*
	cpe:2.3:a:xine:xine:1_rc3:::::::*
	cpe:2.3:a:xine:xine:1_rc3a:::::::*
	cpe:2.3:a:xine:xine:1_rc3b:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc2:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3a:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3b:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3c:::::::*
	cpe:2.3:a:xine:xine-ui:0.9.21:::::::*
	cpe:2.3:a:xine:xine-ui:0.9.22:::::::*
	cpe:2.3:a:xine:xine-ui:0.9.23:::::::*

History

20 Nov 2024, 23:52

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/11433 -~~	() http://secunia.com/advisories/11433 -
References	~~() http://security.gentoo.org/glsa/glsa-200404-20.xml - Patch~~	() http://security.gentoo.org/glsa/glsa-200404-20.xml - Patch
References	~~() http://www.osvdb.org/5594 -~~	() http://www.osvdb.org/5594 -
References	~~() http://www.osvdb.org/5739 -~~	() http://www.osvdb.org/5739 -
References	~~() http://www.securityfocus.com/bid/10193 - Exploit, Patch~~	() http://www.securityfocus.com/bid/10193 - Exploit, Patch
References	~~() http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 -~~	() http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 -
References	~~() http://www.xinehq.de/index.php/security/XSA-2004-1 - Vendor Advisory~~	() http://www.xinehq.de/index.php/security/XSA-2004-1 - Vendor Advisory
References	~~() http://www.xinehq.de/index.php/security/XSA-2004-2 - Vendor Advisory~~	() http://www.xinehq.de/index.php/security/XSA-2004-2 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15939 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15939 -

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:52

NVD link : CVE-2004-1951

Mitre link : CVE-2004-1951

CVE.ORG link : CVE-2004-1951

JSON object : View

Products Affected

xine

xine-ui
xine
xine-lib

CWE

NVD-CWE-Other

5.0 /10