IOActive Security Advisory

Title: XBMC File traversal vulnerability
Severity: High
Discovered by: Lucas Lundgren

Affected Products:
XBMC 11 => Nightly build 20121028 Windows version
XBMCbuntu / XBMC 11 for Linux
XBMC 11.1.0 for Raspberry Pi
XBMC 11.0 Git:20120702-f3cd288 for Jailbroken AppleTV 2 version (Thanks to Matt "hostess" Andreko for the verification.)

Impact:
Remote File traversal allows an attacker to read any file on the targeted system with the same privileges as XBMC. Since XBMC stores SMB and other credentials in clear text on the computer running the service, an attacker could easily find valid network credentials to gain further access. This could lead to full system compromise, or compromise other systems XBMC has access to.

Notification and Approval:
The XBMC team was notified of the vulnerability on October 31, 2012, and has approved the release of this advisory.