This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a vulnerable in a CyberLink PowerDVD ActiveX control which would allow attackers to overwrite arbitrary local files.
This issue resides in the 'CreateNewFile()' method of 'CLAVSetting.DLL' in the ActiveX control with CLSID: 0990EDE2-3498-43D0-971D-D5321C893210.
The vulnerable method is used to create files on the local system. However, the software fails to properly validate the filename specified. Specifically, an attacker can use directory-traversal strings ('\..') to overwrite an arbitrary local file.
Attackers may be able to exploit this issue to cause denial-of-service conditions if sensitive system configuration files are overwritten.
- CyberLink PowerDVD CLAVSetting.DLL 1.0.1829