Dear Secunia Research, SR> The vulnerability is caused by KGet downloading files without the SR> user's acknowledgment, overwriting existing files of the same name SR> when displaying a dialog box that allows a user to choose the file to SR> download out of the options offered by a metalink file. SR> The Common Vulnerabilities and Exposures (CVE) project has assigned SR> CVE-2010-1511 for the vulnerability. Is it same vulnerability with CVE-2010-1000 or different? (CVE-2010-1000: It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. ) -- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/
