Vulnerability CVE-2009-0824


Published: 2009-03-14   Modified: 2012-02-13

Description:
Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Slysoft -> Anydvd 
Slysoft -> Clonecd 
Slysoft -> Clonedvd 
Slysoft -> Virtualclonedrive 

 References:
http://en.securitylab.ru/lab/PT-2009-11
http://www.securityfocus.com/archive/1/501713/100/0/threaded
http://www.securityfocus.com/bid/34103
http://www.slysoft.com/download/changes_anydvd.txt
http://www.slysoft.com/download/changes_clonedvd.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/49232

Copyright 2021, cxsecurity.com

 

Back to Top