CVE-2007-5219

CyberLink PowerDVD 7.0 - Path Traversal and Arbitrary File Write via CLAVSetting ActiveX CreateNewFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5219. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages an unsafe ActiveX control in CyberLink PowerDVD's CLAVSetting.DLL to overwrite arbitrary files with an empty file, leading to a denial-of-service condition. The exploit uses VBScript to call the CreateNewFile method, targeting boot.ini as an example.

Description

Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · htmldoswindows

https://www.exploit-db.com/exploits/4479

View Code ZIP pw:eip

This exploit leverages an unsafe ActiveX control in CyberLink PowerDVD's CLAVSetting.DLL to overwrite arbitrary files with an empty file, leading to a denial-of-service condition. The exploit uses VBScript to call the CreateNewFile method, targeting boot.ini as an example.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: CyberLink PowerDVD CLAVSetting.DLL 1.00.1829

No auth needed

Prerequisites: Target system must have the vulnerable DLL installed (e.g., Acer Travelmate series) · Victim must visit a malicious webpage or open the HTML file

MITRE ATT&CK

T1221 - Template Injection T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →