1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Cyberlink PowerDVD ClavSetting File Overwrite

HTTP Cyberlink PowerDVD ClavSetting File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerable in a CyberLink PowerDVD ActiveX control which would allow attackers to overwrite arbitrary local files.

Additional Information

This issue resides in the 'CreateNewFile()' method of 'CLAVSetting.DLL' in the ActiveX control with CLSID: 0990EDE2-3498-43D0-971D-D5321C893210.

The vulnerable method is used to create files on the local system. However, the software fails to properly validate the filename specified. Specifically, an attacker can use directory-traversal strings ('\..') to overwrite an arbitrary local file.
Attackers may be able to exploit this issue to cause denial-of-service conditions if sensitive system configuration files are overwritten.

Affected

  • CyberLink PowerDVD CLAVSetting.DLL 1.0.1829
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube