The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok 1.4.9.1 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4430)