DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument.Referenceshttp://www.securityfocus.com/bid/13167http://marc.info/?l=bugtraq&m=111359007928030&w=2
