SlySoft Product(s) Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with SlySoft Product(s) and are prone to Code Execution Vulnerability.

Impact

Successful exploitation will let the attacker cause memory corruption and can allow remote code execution in the context of the affected system, which result in service crash. Impact Level: System/Application

Solution

Upgrade to higher versions accordingly http://www.slysoft.com/en/download.html

Insight

METHOD_NEITHER communication method for IOCTLs does not properly validate a buffer associated with the Irp object of user space data provided to the ElbyCDIO.sys kernel driver.

Affected

SlySoft AnyDVD version prior to 6.5.2.6 SlySoft CloneCD version 5.3.1.3 and prior SlySoft CloneDVD version 2.9.2.0 and prior SlySoft Virtual CloneDrive version 5.4.2.3 and prior

References

http://secunia.com/advisories/34269
http://secunia.com/advisories/34287
http://secunia.com/advisories/34288
http://secunia.com/advisories/34289
http://www.securityfocus.com/archive/1/archive/1/501713/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0824
CVSS Base Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

VMCI/HGFS VmWare Code Execution Vulnerability (Linux)
XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
Monkey HTTPD Host Header Buffer Overflow Vulnerability
Dnsmasq TFTP Service multiple vulnerabilities
ImageMagick Integer Overflow Vulnerability - 02 June13 (Windows)

Take action and discover your vulnerabilities