Ultraiso
by Ezbsystems
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2840 | Hig | 0.51 | 7.8 | 0.02 | Apr 24, 2018 | A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | ||
| CVE-2018-25267 | Med | 0.40 | 6.2 | 0.00 | Apr 22, 2026 | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH… | ||
| CVE-2007-2888 | 0.07 | — | 0.55 | May 30, 2007 | Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | |||
| CVE-2009-1260 | 0.06 | — | 0.43 | Apr 7, 2009 | Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file. | |||
| CVE-2006-2099 | 0.03 | — | 0.03 | Apr 29, 2006 | Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||
| CVE-2010-5255 | 0.00 | — | 0.00 | Sep 7, 2012 | Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third… | |||
| CVE-2008-4825 | 0.00 | — | 0.03 | Apr 1, 2009 | Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file. | |||
| CVE-2008-3871 | 0.00 | — | 0.03 | Apr 1, 2009 | Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. |
- risk 0.51cvss 7.8epss 0.02
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
- risk 0.40cvss 6.2epss 0.00
UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH…
- CVE-2007-2888May 30, 2007risk 0.07cvss —epss 0.55
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
- CVE-2009-1260Apr 7, 2009risk 0.06cvss —epss 0.43
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
- CVE-2006-2099Apr 29, 2006risk 0.03cvss —epss 0.03
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
- CVE-2010-5255Sep 7, 2012risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third…
- CVE-2008-4825Apr 1, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
- CVE-2008-3871Apr 1, 2009risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.