CVE-2008-3699

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

Date published : 2008-08-14

http://www.securityfocus.com/bid/30662

http://amarok.kde.org/en/releases/1/4/10