CVE: CVE-2009-0824

Export to Word

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.00353
Percentile: 0.56939

CVSS Scoring

CVSS v2 Score: 4.9

Severity:

Mapped CWE(s)

CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer

All CAPEC(s)

CAPEC-10: Buffer Overflow via Environment Variables
CAPEC-100: Overflow Buffers
CAPEC-123: Buffer Manipulation
CAPEC-14: Client-side Injection-induced Buffer Overflow
CAPEC-24: Filter Failure through Buffer Overflow
CAPEC-42: MIME Conversion
CAPEC-44: Overflow Binary Resource File
CAPEC-45: Buffer Overflow via Symbolic Links
CAPEC-46: Overflow Variables and Tags
CAPEC-47: Buffer Overflow via Parameter Expansion
CAPEC-8: Buffer Overflow in an API Call
CAPEC-9: Buffer Overflow in Local Command-Line Utilities

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:slysoft:anydvd:*:*:*:*:*:*:*:*
cpe:2.3:a:slysoft:clonecd:*:*:*:*:*:*:*:*
cpe:2.3:a:slysoft:clonedvd:*:*:*:*:*:*:*:*
cpe:2.3:a:slysoft:virtualclonedrive:*:*:*:*:*:*:*:*

← Back to Home