Local overflow vulnerability in the ElbyCDIO.sys driver of multiple SlySoft products

Vulnerability ID 1117466 Vulnerability type Buffer overflow
Published 2009-03-12 Updated 2009-05-26
CVE ID CVE-2009-0824 CNNVD-ID CNNVD-200903-258
Platform Windows CVSS score 4.9
|Vulnerability source
https://www.exploit-db.com/exploits/32850
https://www.securityfocus.com/bid/34103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-258
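|Vulnerability details
SlySoft is an Irish software company whose products include DVD-decryption and virtual-drive tools such as AnyDVD, Virtual CloneDrive and CloneDVD. The ElbyCDIO.sys driver used by multiple SlySoft products does not handle IOCTL requests correctly. Because the IOCTL handler uses the METHOD_NEITHER transfer method and does not properly validate the buffers associated with the Irp object, a local user can submit a specially crafted IOCTL request to trigger a buffer overflow and crash the kernel.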
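A user-space model of the pointer validation a METHOD_NEITHER handler has to perform on the raw caller pointers it receives (ProbeForRead/ProbeForWrite in a real driver), which the description above says was missing. This is an added example, not code from ElbyCDIO.sys or from the advisory; the control code, the addresses and the 32-bit x86 probe limit are constructed or assumed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Transfer method = low two bits of a Windows IOCTL control code. */
enum { METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER };
/* Assumption: upper bound of user space on 32-bit x86 (MmUserProbeAddress). */
#define USER_PROBE_LIMIT 0x7FFF0000u

/* Same bit layout as the CTL_CODE macro. */
static uint32_t ctl_code(uint32_t dev, uint32_t func, uint32_t method, uint32_t access) {
    return (dev << 16) | (access << 14) | (func << 2) | method;
}
static int ioctl_method(uint32_t code) { return (int)(code & 3u); }

/* Model of the range check: returns 1 if [addr, addr+len) lies entirely in
 * user space. align must be a power of two. */
static int user_range_ok(uint32_t addr, uint32_t len, uint32_t align) {
    if (len == 0) return 1;                      /* nothing will be accessed */
    if (align == 0 || (addr & (align - 1)) != 0) return 0;   /* misaligned */
    uint32_t end = addr + len;
    if (end < addr) return 0;                    /* addr + len wrapped around */
    return end <= USER_PROBE_LIMIT;              /* must not reach kernel space */
}

/* With METHOD_NEITHER the I/O manager hands the driver the caller's raw
 * pointers, so both must be checked before use. This model covers only that
 * pointer check; length checks against internal buffers are separate. */
static int request_ok(uint32_t code, uint32_t in_ptr, uint32_t in_len,
                      uint32_t out_ptr, uint32_t out_len) {
    if (ioctl_method(code) != METHOD_NEITHER) return 1;
    return user_range_ok(in_ptr, in_len, 1) && user_range_ok(out_ptr, out_len, 1);
}

int main(void) {
    /* Constructed control code, not one of the driver's real IOCTLs. */
    uint32_t code = ctl_code(0x8000u, 0x800u, METHOD_NEITHER, 0u);
    /* Constructed requests: {input pointer, input length}. */
    uint32_t reqs[][2] = { {0x00400000u, 0x100u},   /* ordinary user buffer */
                           {0x80001000u, 0x100u},   /* kernel-space address */
                           {0x7FFEFF00u, 0x200u},   /* crosses the user limit */
                           {0xFFFFFF00u, 0x200u} }; /* addr + len wraps */
    for (unsigned i = 0; i < 4; i++)
        printf("code=0x%08X in=0x%08X len=0x%X -> %s\n", (unsigned)code,
               (unsigned)reqs[i][0], (unsigned)reqs[i][1],
               request_ok(code, reqs[i][0], reqs[i][1], 0, 0) ? "accept" : "reject");
    return 0;
}
```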
|Exploit
source: http://www.securityfocus.com/bid/34103/info

Multiple SlySoft products are prone to multiple buffer-overflow vulnerabilities because they fail to adequately validate user-supplied input.

A local attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.

The following applications are vulnerable:

SlySoft AnyDVD 6.5.2.2
SlySoft AnyDVD HD 6.5.2.2
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32850.zip
|Affected products
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3
SlySoft AnyDVD HD 6.5.2.2
SlySoft AnyDVD 6.5.2.2
|References

Source: XF
Name: slysoft-elbycdio-dos(49232)
Link: http://xforce.iss.net/xforce/xfdb/49232
Source: www.slysoft.com
Link: http://www.slysoft.com/download/changes_clonedvd.txt
Source: www.slysoft.com
Link: http://www.slysoft.com/download/changes_anydvd.txt
Source: BID
Name: 34103
Link: http://www.securityfocus.com/bid/34103
Source: BUGTRAQ
Name: 20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service
Link: http://www.securityfocus.com/archive/1/archive/1/501713/100/0/threaded
Source: SECUNIA
Name: 34289
Link: http://secunia.com/advisories/34289
Source: SECUNIA
Name: 34288
Link: http://secunia.com/advisories/34288
Source: SECUNIA
Name: 34287
Link: http://secunia.com/advisories/34287
Source: SECUNIA
Name: 34269
Link: http://secunia.com/advisories/34269
Source: OSVDB
Name: 52679
Link: http://osvdb.org/52679
Source: MISC
Link: http://en.securitylab.ru/lab/PT-2009-11