CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
22.9%
Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.
en.securitylab.ru/lab/PT-2009-11
osvdb.org/52679
secunia.com/advisories/34269
secunia.com/advisories/34287
secunia.com/advisories/34288
secunia.com/advisories/34289
www.securityfocus.com/archive/1/501713/100/0/threaded
www.securityfocus.com/bid/34103
www.slysoft.com/download/changes_anydvd.txt
www.slysoft.com/download/changes_clonedvd.txt
exchange.xforce.ibmcloud.com/vulnerabilities/49232