CVE-2009-0824 Information
Description
Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier as distributed in SlySoft AnyDVD before 6.5.2.6 Virtual CloneDrive 5.4.2.3 and earlier CloneDVD 2.9.2.0 and earlier and CloneCD 5.3.1.3 and earlier uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.
Reference
http://en.securitylab.ru/lab/PT-2009-11 http://osvdb.org/52679 http://secunia.com/advisories/34269 http://secunia.com/advisories/34287 http://secunia.com/advisories/34288 http://secunia.com/advisories/34289 http://www.securityfocus.com/archive/1/501713/100/0/threaded http://www.securityfocus.com/bid/34103 http://www.slysoft.com/download/changes_anydvd.txt http://www.slysoft.com/download/changes_clonedvd.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/49232
Share on: