CyberLink PowerDVD Lets Remote Users Deny Service By Overwriting Files

2007-10-13 作者:bitsCN整理来源:中国网管联盟点评 投稿 收藏

Impact: Denial of service via network
Exploit Included: Yes
Description: A vulnerability was reported in CyberLink PowerDVD. A remote user can cause arbitrary files to be overwritten. 网管u家u.bitsCN.com

A remote user can create aspecially crafted HTML that, when loaded by the target user, will invoke the CLSetting.CreateNewFile function to overwrite files with a blank file.
The files will be overwritten with the privileges of the target user.

网管u家u.bitsCN.com

CLAVSetting.DLL version 1.00.1829 is affected.

网管有家bitscn.net

The CLSID of the vulnerable control is: 0990EDE2-3498-43D0-971D-D5321C893210

网管有家www.bitscn.net

The original advisory and demonstration exploit is available at:

网管论坛bbs_bitsCN_com

http://milw0rm.com/exploits/4479

网管联盟bitsCN_com

rgod reported this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will overwrite a file on the target user's system with a blank file.
Solution: No solution was available at the time of this entry.
Vendor URL: www.cyberlink.com/ (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)

网管u家bitscn.net

顶一下

TAGs： the user target of with remote will can The files

上一篇：Check Point FireWall-1 Buffer Overflows Let Local Users Gain Elevated Privileges 下一篇：Google Mini Search Appliance Input Validation Hole in 'ie' Parameter P

相关文章列表

CyberLink PowerDVD Lets Remote Users Deny Service By Overwriting Files 评论：

评论加载中…

评论:请自觉遵守互联网相关政策法规，评论不得超过250字。

验证码：注册用户

CyberLink PowerDVD Lets Remote Users Deny Service By Overwriting Files

2007-10-13 作者:bitsCN整理 来源:中国网管联盟 点评 投稿 收藏

2007-10-13 作者:bitsCN整理来源:中国网管联盟点评投稿收藏