CVE-2009-0824

2009-03-1418:30:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

Affected configurations

Nvd

Node

slysoftanydvdRange≤6.5.2.2

slysoftclonecdRange≤5.3.1.3

slysoftclonedvdRange≤2.9.2.0

slysoftvirtualclonedriveRange≤5.4.2.3

VendorProductVersionCPE
slysoftanydvd*cpe:2.3:a:slysoft:anydvd:*:*:*:*:*:*:*:*
slysoftclonecd*cpe:2.3:a:slysoft:clonecd:*:*:*:*:*:*:*:*
slysoftclonedvd*cpe:2.3:a:slysoft:clonedvd:*:*:*:*:*:*:*:*
slysoftvirtualclonedrive*cpe:2.3:a:slysoft:virtualclonedrive:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
slysoft	anydvd	*	cpe:2.3:a:slysoft:anydvd::::::::
slysoft	clonecd	*	cpe:2.3:a:slysoft:clonecd::::::::
slysoft	clonedvd	*	cpe:2.3:a:slysoft:clonedvd::::::::
slysoft	virtualclonedrive	*	cpe:2.3:a:slysoft:virtualclonedrive::::::::