Intrusion Prevention



There is a vulnerability in CyberLink PowerDVD which could be exploited by attackers to corrupt arbitrary files. This issue is caused by a design error in the "CreateNewFile()" method within the "CLAVSetting.DLL" ActiveX Control. It can be exploited by attackers to overwrite arbitrary files on a vulnerable system by tricking a user into visiting a malicious web page.

Affected Products

CyberLink PowerDVD versions 7.x


Denial of service.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

CVE References