SlySoft Product(s) Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with SlySoft Product(s) and are prone to Code Execution Vulnerability.

Impact

Successful exploitation will let the attacker cause memory corruption and can allow remote code execution in the context of the affected system, which result in service crash. Impact Level: System/Application

Solution

Upgrade to higher versions accordingly http://www.slysoft.com/en/download.html

Insight

METHOD_NEITHER communication method for IOCTLs does not properly validate a buffer associated with the Irp object of user space data provided to the ElbyCDIO.sys kernel driver.

Affected

SlySoft AnyDVD version prior to 6.5.2.6 SlySoft CloneCD version 5.3.1.3 and prior SlySoft CloneDVD version 2.9.2.0 and prior SlySoft Virtual CloneDrive version 5.4.2.3 and prior

References

http://secunia.com/advisories/34269
http://secunia.com/advisories/34287
http://secunia.com/advisories/34288
http://secunia.com/advisories/34289
http://www.securityfocus.com/archive/1/archive/1/501713/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0824

CVSS	Base Score: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

VMCI/HGFS VmWare Code Execution Vulnerability (Win)
FileZilla Server Buffer Overflow Vulnerability
Gabset Media Player Classic Integer Overflow Vulnerability
SlySoft Product(s) Code Execution Vulnerability
Sync Breeze Server Remote Stack Buffer Overflow Vulnerability

Take action and discover your vulnerabilities