PT-2004-2848 · Xine · Xine+1
Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1951
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
xine versions 1.x alpha through 1.0rc3a
xine-ui versions 0.9.21 through 0.9.23
Description
The issue allows remote attackers to overwrite arbitrary files via specific options in an MRL link, including the audio.sun_audio_device or dxr3.devicename options.
Recommendations
For xine versions 1.x alpha through 1.0rc3a, avoid using the audio.sun_audio_device and dxr3.devicename options in MRL links until a fix is available.
For xine-ui versions 0.9.21 through 0.9.23, restrict the use of the audio.sun_audio_device and dxr3.devicename options in MRL links to minimize the risk of exploitation.
Affected Products
Xine
Xine-Ui