Bug Source: XMB 1.9.9 and older
Symptoms: Unexpected output, JavaScript compromise (XSS)
Security Impact: High
ID: CVE-2005-2574
Fixed By: XMB 1.9.10 and later are not affected.
Discussion:
A variable overwrite exploit, reported to Bugtraq in 2005, was evaluated by XMB staff in 2008. This vulnerability had not been resolved and was more severe than originally described. Arguments to the 'extract' function were changed in 2008 and released with version 1.9.10 to prevent variable overwrites. These changes were also available in a service pack for version 1.9.8.
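As an added illustration (not XMB's code and not part of the original advisory), the PHP below shows why an unrestricted extract() call permits variable overwrites and how changing its arguments prevents them. The variable names, the sample request array, and the choice of EXTR_SKIP and a prefixed allowlist are assumptions; the advisory does not say which arguments XMB changed.

```php
<?php
// Added illustration; not XMB source. All names and the request data are constructed.

// Constructed input: one field the script expects, one whose name collides
// with a variable the script has already initialised.
$request = ['action' => 'view', 'footer' => '<b>unescaped</b>'];

// extract() with no flags uses EXTR_OVERWRITE: any key in the input
// replaces a same-named variable in the current scope.
function import_default(array $input): array
{
    $action = 'index';
    $footer = 'Site footer';      // value the application set itself
    extract($input);
    return compact('action', 'footer');
}

// EXTR_SKIP leaves already-defined variables untouched, so values must be
// initialised before the call for the protection to apply.
function import_skip(array $input): array
{
    $footer = 'Site footer';
    extract($input, EXTR_SKIP);
    $action = $action ?? 'index';
    return compact('action', 'footer');
}

// Stricter: import only the keys the script expects, under a prefix.
function import_allowlist(array $input, array $allowed): array
{
    $footer = 'Site footer';
    $fields = array_intersect_key($input, array_flip($allowed));
    extract($fields, EXTR_PREFIX_ALL, 'in');   // creates $in_action only
    $action = $in_action ?? 'index';
    return compact('action', 'footer');
}

foreach ([
    'default'   => import_default($request),
    'skip'      => import_skip($request),
    'allowlist' => import_allowlist($request, ['action']),
] as $mode => $vars) {
    echo $mode, ': ', json_encode($vars), PHP_EOL;
}
```

Only the default call lets the request replace `$footer`; the other two keep the application's value while still accepting `action`.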
Recommendations: