CVE-2011-0012

Name of the Vulnerable Software and Affected Versions SPICE Firefox plug-in (spice-xpi) versions 2.2 through 2.4

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. Multiple vulnerabilities in the spice-xpi package may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For versions 2.2 through 2.4, consider restricting access to the usbrdrctl log file to prevent symlink attacks until a patch is available. As a temporary workaround, consider disabling the spice-xpi plug-in until a fix is provided to prevent potential exploitation of the vulnerabilities.