[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0824

Date: (C)2009-03-14   (M)2017-08-18
 
CVSS Score: 4.9Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

Reference:
http://www.securityfocus.com/archive/1/archive/1/501713/100/0/threaded
BID-34103
SECUNIA-34269
SECUNIA-34287
SECUNIA-34288
SECUNIA-34289
OSVDB-52679
http://en.securitylab.ru/lab/PT-2009-11
http://www.slysoft.com/download/changes_anydvd.txt
http://www.slysoft.com/download/changes_clonedvd.txt
slysoft-elbycdio-dos(49232)

CWE    1
CWE-119

© 2013 SecPod Technologies