Kaspersky LabKLA10064KLA10064 DoS vulnerability in SlySoft
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
22.9%
An improper buffer validation vulnerability was found in SlySoft products. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited locally at a point related to ElbyCDIO.sys via a specially designed IOCTL call.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2009-0824 warning
Solution
Update to latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- SlySoft AnyDVD versions 6.5.2.2 and earlierSlySoft Virtual CloneDrive versions 5.4.2.3 and earlierSlySoft CloneDVD versions 2.9.2.0 and earlierSlySoft CloneCD versions 5.3.1.3 and earlier
References
www.slysoft.com/download/changes_anydvd.txt
www.slysoft.com/download/changes_clonecd.txt
www.slysoft.com/download/changes_clonedvd.txt
statistics.securelist.com/
threats.kaspersky.com/en/product/AnyDVD/
threats.kaspersky.com/en/product/elby-CloneDVD/
threats.kaspersky.com/en/product/SlySoft-CloneCD/
threats.kaspersky.com/en/product/SlySoft-Virtual-CloneDrive/
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
22.9%