Giovanni Delvecchio <email@example.com> is credited with the discovery of this issue.
Wine Windows API Emulator 20050310
Wine Windows API Emulator 20050305
Wine Windows API Emulator 20050211
A local insecure file creation vulnerability affects Wine. This issue is due to a design error that fails to securely write to files in world-accessible directories.
An attacker may leverage this issue to use a symbolic link file named after the offending temporary file to write to arbitrary files with an unsuspecting user's privileges. Furthermore and attacker may gain access to potentially sensitive information contained within the temporary file.
No exploit is required to leverage this issue.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.