CyberLink PowerDVD Lets Remote Users Deny Service By Overwriting Files
SecurityTracker Alert ID: 1018758
SecurityTracker URL: http://securitytracker.com/id?1018758
CVE Reference: CVE-2007-5219
Updated: Mar 20 2008
Original Entry Date: Oct 2 2007
Impact: Denial of service via network
Exploit Included: Yes
Description: A vulnerability was reported in CyberLink PowerDVD. A remote user can cause arbitrary files to be overwritten.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the CLSetting.CreateNewFile function to overwrite files with a blank file.
The files will be overwritten with the privileges of the target user.
CLAVSetting.DLL version 1.00.1829 is affected.
The CLSID of the vulnerable control is: 0990EDE2-3498-43D0-971D-D5321C893210
The original advisory and demonstration exploit are available at:
http://milw0rm.com/exploits/4479
rgod reported this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will overwrite a file on the target user's system with a blank file.
Solution: No solution was available at the time of this entry.
Vendor URL: www.cyberlink.com/
Cause: Access control error
Underlying OS: Windows (Any)
Message History:
None.
Source Message Contents
Date: Tue, 2 Oct 2007 07:50:24 -0400
Subject: CyberLink PowerDVD CLAVSetting Module (CLAVSetting.DLL 1.00.1829) arbitrary remote rewrite dos
http://milw0rm.com/exploits/4479