CVE-2004-1951
UnknownEPSS 8.10%
Last modified
CVE-2004-1951 is a vulnerability of currently unknown severity. xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.. EPSS estimates a 8.10% chance of exploitation in the next 30 days.
Description
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xine | Xine | 0.9.8 |
| Xine | Xine | 0.9.13 |
| Xine | Xine | 1_beta1 |
| Xine | Xine | 1_beta2 |
| Xine | Xine | 1_beta3 |
| Xine | Xine | 1_beta4 |
| Xine | Xine | 1_beta5 |
| Xine | Xine | 1_beta6 |
| Xine | Xine | 1_beta7 |
| Xine | Xine | 1_beta8 |
| Xine | Xine | 1_beta9 |
| Xine | Xine | 1_beta10 |
| Xine | Xine | 1_beta11 |
| Xine | Xine | 1_beta12 |
| Xine | Xine | 1_rc0a |
| Xine | Xine | 1_rc1 |
| Xine | Xine | 1_rc2 |
| Xine | Xine | 1_rc3 |
| Xine | Xine | 1_rc3a |
| Xine | Xine | 1_rc3b |
| Xine | Xine-Lib | 1_rc2 |
| Xine | Xine-Lib | 1_rc3a |
| Xine | Xine-Lib | 1_rc3b |
| Xine | Xine-Lib | 1_rc3c |
| Xine | Xine-Ui | 0.9.21 |
| Xine | Xine-Ui | 0.9.22 |
| Xine | Xine-Ui | 0.9.23 |
References
- http://www.securityfocus.com/bid/10193Exploit, Patch
- http://www.xinehq.de/index.php/security/XSA-2004-1Vendor Advisory
- http://www.xinehq.de/index.php/security/XSA-2004-2Vendor Advisory
- http://www.securityfocus.com/bid/10193Exploit, Patch
- http://www.xinehq.de/index.php/security/XSA-2004-1Vendor Advisory
- http://www.xinehq.de/index.php/security/XSA-2004-2Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1951?
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
How severe is CVE-2004-1951?
Severity scoring for CVE-2004-1951 is pending analysis. The EPSS model estimates a 8.10% probability of exploitation in the next 30 days.
How do I fix CVE-2004-1951?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2004-1951?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST