CVE-2003-1294

Name: CVE-2003-1294
Creator: NVD / NIST
Published: 2003-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.42%

Last modified Jun 16, 2026

CVE-2003-1294 is a vulnerability of currently unknown severity. Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

Metrics

EPSS Probability

0.42%

33.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Xscreensaver	Xscreensaver	4.05_5cl
Xscreensaver	Xscreensaver	4.05_6
Xscreensaver	Xscreensaver	4.05_6a
Xscreensaver	Xscreensaver	4.05_150
Xscreensaver	Xscreensaver	4.07_2
Xscreensaver	Xscreensaver	4.08_29135cl
Xscreensaver	Xscreensaver	4.09_0
Xscreensaver	Xscreensaver	4.10_4
Xscreensaver	Xscreensaver	4.10_6
Xscreensaver	Xscreensaver	4.10_8
Xscreensaver	Xscreensaver	4.10_15
Xscreensaver	Xscreensaver	4.11_0
Xscreensaver	Xscreensaver	4.12_58
Xscreensaver	Xscreensaver	4.12_62
Xscreensaver	Xscreensaver	4.14_0
Xscreensaver	Xscreensaver	4.14_2
Xscreensaver	Xscreensaver	4.14_4
Xscreensaver	Xscreensaver	4.14_5

References

Timeline

Published: Dec 31, 2003
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2003-1294?

How severe is CVE-2003-1294?

Severity scoring for CVE-2003-1294 is pending analysis. The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.

How do I fix CVE-2003-1294?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2003-1294?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST