CVE-2009-0824

2009-03-1418:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-0824

elaborate bytes

elbycdio.sys

slysoft anydvd

virtual clonedrive

clonedvd

clonecd

method_neither

ioctls

denial of service

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

Affected configurations

NVD

Node

slysoftanydvdRange≤6.5.2.2

slysoftclonecdRange≤5.3.1.3

slysoftclonedvdRange≤2.9.2.0

slysoftvirtualclonedriveRange≤5.4.2.3

CPENameOperatorVersion
slysoft:anydvdslysoft anydvdle6.5.2.2
slysoft:clonecdslysoft clonecdle5.3.1.3
slysoft:clonedvdslysoft clonedvdle2.9.2.0
slysoft:virtualclonedriveslysoft virtualclonedrivele5.4.2.3

CPE	Name	Operator	Version
slysoft:anydvd	slysoft anydvd	le	6.5.2.2
slysoft:clonecd	slysoft clonecd	le	5.3.1.3
slysoft:clonedvd	slysoft clonedvd	le	2.9.2.0
slysoft:virtualclonedrive	slysoft virtualclonedrive	le	5.4.2.3