Intrusion Prevention

CyberLink.PowerDVD.CLAVSetting.Arbitrary.Remote.Rewrite.DoS

Description

There is a vulnerability in CyberLink PowerDVD which could be exploited by attackers to corrupt arbitrary files. This issue is caused by a design error in the "CreateNewFile()" method within the "CLAVSetting.DLL" ActiveX Control. It can be exploited by attackers to overwrite arbitrary files on a vulnerable system by tricking a user into visiting a malicious web page.

Affected Products

CyberLink PowerDVD versions 7.x

Impact

Denial of service.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

CVE References

CVE-2007-5219