Internet threat level: 1
Home→Descriptions→SA34269
AnyDVD ElbyCDIO.sys IOCTL Handling Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
13 Mar 2009 |
| Last Change |
23 Mar 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
AnyDVD 6.x |
| Where | |
| Impact |
DoS (Denial of Service)This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Privilege escalationThis covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system. |
| Description |
A vulnerability has been reported in AnyDVD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. The vulnerability is caused due to insufficient validation of user space data provided to the ElbyCDIO.sys kernel driver. This can be exploited to trigger a memory corruption and potentially execute arbitrary code in kernel space via a specially crafted IOCTL request. The vulnerability is reported in versions 6.5.2.2 and prior. |
| Solution |
Update to version 6.5.2.6 or later. |
| Reported by |
Nikita Tarakanov, Positive Technologies |
| Original Advisory |
Positive Technologies: SlySoft: NT Internals: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.