xine-lib arbitrary file overwrite

ID E50B04E8-9C55-11D8-9366-0020ED76EF5A
Type freebsd
Reporter FreeBSD
Modified 2004-04-20T00:00:00


From the xinehq advisory:

By opening a malicious MRL in any xine-lib based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.

The flaw is a result of a feature that allows MRLs (media resource locator URIs) to specify arbitrary configuration options.