CVE-2009-0824

2009-03-1418:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-0824

elaborate bytes

elbycdio.sys

slysoft anydvd

virtual clonedrive

clonedvd

clonecd

method_neither

ioctls

denial of service

nvd

7.5 High

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

21.7%

JSON

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

CPENameOperatorVersion
slysoft:virtualclonedriveslysoft virtualclonedrivele5.4.2.3
slysoft:anydvdslysoft anydvdle6.5.2.2
slysoft:clonecdslysoft clonecdle5.3.1.3
slysoft:clonedvdslysoft clonedvdle2.9.2.0

CPE	Name	Operator	Version
slysoft:virtualclonedrive	slysoft virtualclonedrive	le	5.4.2.3
slysoft:anydvd	slysoft anydvd	le	6.5.2.2
slysoft:clonecd	slysoft clonecd	le	5.3.1.3
slysoft:clonedvd	slysoft clonedvd	le	2.9.2.0