Vulnerability Name:

CVE-2009-0824

Assigned:2009-03-12
Published:2009-03-12
Updated:2017-08-16
Summary:Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
4.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-119
References:Source: MISC
Type: UNKNOWN
http://en.securitylab.ru/lab/PT-2009-11

Source: BUGTRAQ
Type: UNKNOWN
20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service

Source: BID
Type: UNKNOWN
34103

Source: CONFIRM
Type: UNKNOWN
http://www.slysoft.com/download/changes_anydvd.txt

Source: CONFIRM
Type: UNKNOWN
http://www.slysoft.com/download/changes_clonedvd.txt

Source: XF
Type: UNKNOWN
slysoft-elbycdio-dos(49232)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:slysoft:virtualclonedrive:5.4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:slysoft:clonedvd:2.9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:slysoft:clonecd:5.3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:slysoft:anydvd:6.5.2.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:slysoft:clonedvd:2.9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:slysoft:clonecd:5.3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:slysoft:anydvd:6.5.2.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable