CyberLink.PowerDVD.CLAVSetting.Arbitrary.Remote.Rewrite.DoS
Description
There is a vulnerability in CyberLink PowerDVD which could be exploited by attackers to corrupt arbitrary files. This issue is caused by a design error in the "CreateNewFile()" method within the "CLAVSetting.DLL" ActiveX Control. It can be exploited by attackers to overwrite arbitrary files on a vulnerable system by tricking a user into visiting a malicious web page.
Affected Products
CyberLink PowerDVD versions 7.x
Impact
Denial of service.
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |