CVE-2004-1951

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.xinehq.de/index.php/security/XSA-2004-1 Vendor Advisory
http://www.xinehq.de/index.php/security/XSA-2004-2 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200404-20.xml Patch
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791
http://www.securityfocus.com/bid/10193 Exploit Patch
http://secunia.com/advisories/11433
http://www.osvdb.org/5594
http://www.osvdb.org/5739
https://exchange.xforce.ibmcloud.com/vulnerabilities/15939
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-ui:0.9.21:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-ui:0.9.23:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-ui:0.9.22:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1951

Mitre link : CVE-2004-1951

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

xine

  • xine-ui
  • xine
  • xine-lib