PT-2009-3421 · Slysoft+1 · Clonedvd+4
Nikita Tarakanov · Published 2009-03-14 · Updated 2025-04-25 · CVE-2009-0824
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ElbyCDIO.sys versions 6.0.2.0 and earlier
AnyDVD versions prior to 6.5.2.6
Virtual CloneDrive versions 5.4.2.3 and earlier
CloneDVD versions 2.9.2.0 and earlier
CloneCD versions 5.3.1.3 and earlier
Description
The issue is caused by an input validation error in the ElbyCDIO.sys driver's handling of METHOD_NEITHER IOCTLs, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call. This can lead to memory corruption and system termination. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations
For ElbyCDIO.sys version 6.0.2.0 and earlier, consider disabling the METHOD_NEITHER communication method for IOCTLs until a patch is available.
For AnyDVD versions prior to 6.5.2.6, update to version 6.5.2.6 or later.
For Virtual CloneDrive versions 5.4.2.3 and earlier, update to a version later than 5.4.2.3.
For CloneDVD versions 2.9.2.0 and earlier, update to a version later than 2.9.2.0.
For CloneCD versions 5.3.1.3 and earlier, update to a version later than 5.3.1.3.
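With METHOD_NEITHER the I/O manager hands the driver the caller's raw pointers, so every check is the driver's job. The following user-mode C model is an added example, not the vendor's code and not taken from this advisory (which gives no details of the flaw): it reads the transfer method from an IOCTL code and applies the length and range checks a handler needs. `USER_PROBE_LIMIT`, `check_request` and the sample request are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Transfer method: the low two bits of a Windows I/O control code. */
enum { METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER };

/* Same bit layout as the CTL_CODE macro in the Windows driver headers. */
static uint32_t ctl_code(uint32_t dev, uint32_t access, uint32_t func, uint32_t method) {
    return (dev << 16) | (access << 14) | (func << 2) | method;
}
static unsigned ioctl_method(uint32_t code) { return code & 3u; }

/* Constructed stand-in for the top of user space (assumption for this model). */
#define USER_PROBE_LIMIT 0x00007FFFFFFF0000ULL

/* Range check for a caller-supplied pointer: aligned, no wrap, all in user space. */
static bool user_range_ok(uint64_t addr, uint64_t len, uint64_t align) {
    if (len == 0) return true;                       /* nothing will be accessed */
    if (align == 0 || (align & (align - 1))) return false;  /* need a power of two */
    if (addr & (align - 1)) return false;            /* misaligned */
    if (addr + len < addr) return false;             /* address arithmetic wraps */
    return addr + len <= USER_PROBE_LIMIT;           /* must not reach kernel space */
}

struct ioctl_req { uint32_t code; uint64_t in_ptr; uint64_t in_len; };
enum verdict { ACCEPT, REJECT_SHORT, REJECT_RANGE };

/* need = number of input bytes the handler is going to read. */
static enum verdict check_request(const struct ioctl_req *r, uint64_t need) {
    if (r->in_len < need) return REJECT_SHORT;
    /* Buffered/direct requests are copied or locked by the I/O manager;
       only METHOD_NEITHER leaves the pointer check to the driver. */
    if (ioctl_method(r->code) == METHOD_NEITHER && !user_range_ok(r->in_ptr, r->in_len, 4))
        return REJECT_RANGE;
    return ACCEPT;
}

int main(void) {
    /* Constructed request: METHOD_NEITHER code with a kernel-space pointer. */
    struct ioctl_req bad = { ctl_code(0x22, 0, 0x800, METHOD_NEITHER),
                             0xFFFFF80000001000ULL, 16 };
    printf("code=0x%X method=%u verdict=%d\n",
           (unsigned)bad.code, ioctl_method(bad.code), (int)check_request(&bad, 16));
    return 0;
}
```

In a real driver the range check is only the first step: the access itself still has to run inside an exception handler, and the data should be copied into kernel memory once so later reads cannot see changed values.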
Exploit
Fix
DoS
Buffer Overflow
Affected Products
Anydvd
Clonecd
Clonedvd
Elbycdio.Sys
Virtual Clonedrive