header-logo
Suggest Exploit
vendor:
xine Media Player and Library
by:
Unknown
7.5
CVSS
HIGH
Remote File Overwrite
Unknown
CWE
Product Name: xine Media Player and Library
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple Remote File Overwrite Vulnerabilities in xine Media Player and Library

The xine media player and library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files. By setting certain configuration parameters and specifying an attacker-specified file, an attacker can overwrite the target file on the affected system.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10193/info

It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files.

It is possible to set these configuration parameters to write to arbitrary files on the affected system. It should be noted that this issue, as it is currently known, only affects Sun based systems as well as those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been conjectured however that similar configuration parameters exists that affect other systems.

The configuration syntax:

"cfg:/audio.sun_audio_device:targetFile" 

If followed by the entry:

"http://www.example.com/attackerSpecifiedFile"

Will cause the attacker specified file to be written to the target file.