Ezbsystems » Ultraiso : Security Vulnerabilities, CVEs,
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.16%
Published
2018-04-24
Updated
2022-06-03
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-09-07
Updated
2012-09-21
CVE-2009-1260
Public exploit
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
Max CVSS
9.3
EPSS Score
91.36%
Published
2009-04-07
Updated
2017-09-29
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
Max CVSS
9.3
EPSS Score
0.52%
Published
2009-04-01
Updated
2018-10-11
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
Max CVSS
9.3
EPSS Score
0.40%
Published
2009-04-01
Updated
2018-10-11
5 vulnerabilities found