VYPR

Ultraiso

by Ezbsystems

CVEs (8)

  • CVE-2017-2840HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.

  • CVE-2018-25267MedApr 22, 2026
    risk 0.40cvss 6.2epss 0.00

    UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH…

  • CVE-2007-2888May 30, 2007
    risk 0.07cvss epss 0.55

    Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.

  • CVE-2009-1260Apr 7, 2009
    risk 0.06cvss epss 0.43

    Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.

  • CVE-2006-2099Apr 29, 2006
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.

  • CVE-2010-5255Sep 7, 2012
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third…

  • CVE-2008-4825Apr 1, 2009
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.

  • CVE-2008-3871Apr 1, 2009
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.