Search criteria
15 vulnerabilities found for ultraiso by ezbsystems
FKIE_CVE-2017-2840
Vulnerability from fkie_nvd - Published: 2018-04-24 19:29 - Updated: 2024-11-21 03:24
Severity ?
Summary
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | http://www.securityfocus.com/bid/100084 | Broken Link | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100084 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ezbsystems | ultraiso | 9.6.6.3300 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.6.6.3300:*:*:*:*:*:*:*",
"matchCriteriaId": "F4079AD6-153F-425E-A279-384F55C9A3CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable de desbordamiento de b\u00fafer en la funcionalidad de an\u00e1lisis ISO de EZB Systems UltraISO 9.6.6.3300. Un archivo .ISO especialmente manipulado puede provocar una vulnerabilidad que podr\u00eda dar\u00eda lugar a la ejecuci\u00f3n de c\u00f3digo. Un atacante puede proporcionar un archivo .ISO espec\u00edfico para provocar esta vulnerabilidad."
}
],
"id": "CVE-2017-2840",
"lastModified": "2024-11-21T03:24:15.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T19:29:02.737",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5255
Vulnerability from fkie_nvd - Published: 2012-09-07 10:32 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ezbsystems | ultraiso | 9.3.6.2750 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3.6.2750:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBF56FA-1E1A-49EB-81D1-597B64F515DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en UltraISO v9.3.6.2750, permite a usuarios locales ganar privilegios a trav\u00e9s de un archivo de caballo de troya daemon.dll en el directorio de trabajo actual, como se demostr\u00f3 con un directorio que contiene un archivo .iso. NOTA: algunos de estos detalles han sido obtenidos de fuentes de terceros."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \u0027CWE-426 Untrusted Search Path\u0027",
"id": "CVE-2010-5255",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-07T10:32:22.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41227"
},
{
"source": "cve@mitre.org",
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1260
Vulnerability from fkie_nvd - Published: 2009-04-07 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:*:-:pe:*:*:*:*:*",
"matchCriteriaId": "17F5DF7A-9903-43A9-9BD2-E13EFAB08439",
"versionEndIncluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0D66CC-2BB9-42F2-AB1A-F2528F524235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:3.1_sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E500A39-2771-4755-9BB8-117CAD275958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:3.1_sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA8DC52-D446-4610-85DB-FF370D2338B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5236E727-20BB-42A3-BAE1-A0243FED3633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1033E2-58A8-42A7-B782-BEA733CFE5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34021E37-E7F0-460A-A72D-936B8FB0EECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F6294A-3E02-4B37-AB76-E5BCC99F0462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "156623DE-C954-4470-97A0-87BB66AA0BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:5.55:*:*:*:*:*:*:*",
"matchCriteriaId": "C42C26DB-5C2B-444A-A2CE-0EF9DE1C57AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:5.55_sr-1:*:*:*:*:*:*:*",
"matchCriteriaId": "199E347B-61BE-4EF9-A2B6-6D1998462E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:5.55_sr-2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF4B560-72DF-4FDB-B77B-60D8253B8B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75393582-C1D5-42FD-9C4D-4E39810A89E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE47C4E9-C4AB-48C7-814F-0F58E3F358CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B07F4F7-7C7C-4358-A304-02F5DFCA82AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "FE09B73F-A9F1-473E-9C0A-8CC144DD00A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "EC84B744-042C-4C83-A0D6-37F1934E35AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.52_sr-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7571790-24EA-4764-AB99-3F4AA792B81E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.52_sr-2:*:*:*:*:*:*:*",
"matchCriteriaId": "7621A640-266C-4435-9770-1804F186CA36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.56_sr-1:*:*:*:*:*:*:*",
"matchCriteriaId": "806D55A4-F87D-49D0-AD72-A254FAEDF56B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:6.56_sr-2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC8414A-FE5D-4343-842D-6FD1B6EB4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.0:-:me:*:*:*:*:*",
"matchCriteriaId": "9BF9EF37-892B-4314-9F57-95D11548E659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.1:-:me:*:*:*:*:*",
"matchCriteriaId": "3BA4DAF7-72D5-47A9-ADD9-0274D8CBCCA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.5:-:me:*:*:*:*:*",
"matchCriteriaId": "12CC24A7-74D6-4FA5-B9F2-E0669D1E4E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.6:-:me:*:*:*:*:*",
"matchCriteriaId": "6AD36A09-943A-4B34-9439-34E0CACB1B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.21_sr-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAB8C09-472D-46D0-8AA7-B017A0D7DC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.21_sr-2:*:*:*:*:*:*:*",
"matchCriteriaId": "119B2B6F-E010-487F-A8BE-7929426E3C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.22_me:*:*:*:*:*:*:*",
"matchCriteriaId": "C86A46AD-3BB8-4F5B-9F73-2A9BE6BD3B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.23:-:me:*:*:*:*:*",
"matchCriteriaId": "995353BF-F882-44C4-8698-20AE41FDDF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.25:-:me:*:*:*:*:*",
"matchCriteriaId": "7FB3582B-A19A-4D00-8D3C-47D73386E215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.51:-:me:*:*:*:*:*",
"matchCriteriaId": "04F1A22F-80DF-4F0C-A6AE-4232327AF258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.52:-:me:*:*:*:*:*",
"matchCriteriaId": "F2CB70BB-8DF2-4FCE-914C-BE5C6D8BF7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.55:-:me:*:*:*:*:*",
"matchCriteriaId": "0ED81FD8-2DCD-44A7-B29D-EA537D8A76C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.56:-:me:*:*:*:*:*",
"matchCriteriaId": "08DBBFF6-2B77-4B28-AEBE-51CC37F57169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.62:-:me:*:*:*:*:*",
"matchCriteriaId": "FCE3C7D8-0DC3-442E-9733-7D05770E6D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.65:-:me:*:*:*:*:*",
"matchCriteriaId": "A650E9E8-A2E1-420B-8EBC-4608ED2669F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.65_sr-2:*:*:*:*:*:*:*",
"matchCriteriaId": "91A65038-1900-44BF-BAAE-DA348A1C2274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:7.66:-:me:*:*:*:*:*",
"matchCriteriaId": "E3EBB8A7-1F10-4E4A-9965-C142976F335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8:-:pe:*:*:*:*:*",
"matchCriteriaId": "1A8AF672-11EF-4D00-9CB0-4C687C73D27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.2:-:pe:*:*:*:*:*",
"matchCriteriaId": "A2238638-682D-4EFD-A793-FB015D24AF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.6:-:pe:*:*:*:*:*",
"matchCriteriaId": "A7ABE1FD-F407-4A2A-80AC-798DAD000A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.12:-:pe:*:*:*:*:*",
"matchCriteriaId": "CEA13675-CB4C-4ADB-911B-0834AED3504B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.51:-:pe:*:*:*:*:*",
"matchCriteriaId": "63DD03D1-E0C9-47DB-98E6-CDA26193E53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.61:-:pe:*:*:*:*:*",
"matchCriteriaId": "3E2E7CD0-51CE-461B-9098-6341B6480298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.62:-:pe:*:*:*:*:*",
"matchCriteriaId": "912F4170-8E12-400C-97C1-109396B5D8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.63:-:pe:*:*:*:*:*",
"matchCriteriaId": "E31327FF-B3CC-4236-BB84-B6DD2659A0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.65:-:pe:*:*:*:*:*",
"matchCriteriaId": "F6F3AF7A-AE94-4C94-BF1D-219B4454149B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:8.66:-:pe:*:*:*:*:*",
"matchCriteriaId": "499BBD33-BE6A-42D6-9FC2-DE0D5A848E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.0:-:pe:*:*:*:*:*",
"matchCriteriaId": "79ABC413-761B-4EB3-A9FC-B83EE5DAFC8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.1.2:-:pe:*:*:*:*:*",
"matchCriteriaId": "8D32892E-C508-469F-B06B-0F1C546106C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.2:-:pe:*:*:*:*:*",
"matchCriteriaId": "94B835E1-8E67-46FE-B9C6-854525DCF0C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3:-:pe:*:*:*:*:*",
"matchCriteriaId": "266CEA1B-5C88-4A66-BD7B-53EC2750575C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3.1:-:pe:*:*:*:*:*",
"matchCriteriaId": "4C9B2E61-9531-478C-AF8A-F16439F0A221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3.2:-:pe:*:*:*:*:*",
"matchCriteriaId": "375D5262-2DE1-4056-A010-F171A852AFBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos del b\u00fafer basados en pila en UltraISO v9.3.3.2685 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero (1) CCD o (2) IMG manipulado."
}
],
"id": "CVE-2009-1260",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-07T23:30:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53275"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34581"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34363"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8343"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3871
Vulnerability from fkie_nvd - Published: 2009-04-01 18:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ezbsystems | ultraiso | 9.3.1.2633 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3.1.2633:*:*:*:*:*:*:*",
"matchCriteriaId": "234765BD-26F3-44A6-A18B-BE724E619CB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de formato de cadena en UltraISO v9.3.1.2633, y posiblemente otras versiones anteriores a v9.3.3.2685, permite a atacantes asistidos por usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de formatos de cadena espec\u00edficos en el nombre de fichero de un fichero (1) DAA o (2) ISZ."
}
],
"id": "CVE-2008-3871",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-01T18:00:00.187",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32415"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021965"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4825
Vulnerability from fkie_nvd - Published: 2009-04-01 18:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ezbsystems | ultraiso | 9.3.1.2633 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ezbsystems:ultraiso:9.3.1.2633:*:*:*:*:*:*:*",
"matchCriteriaId": "234765BD-26F3-44A6-A18B-BE724E619CB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en UltraISO v9.3.1.2633, y posiblemente otras versiones anteriores a v9.3.3.2685, permite a atacantes asistidos por usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ficheros (1) CIF, (2) C2D, o(3) GI manipulados."
}
],
"id": "CVE-2008-4825",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-01T18:00:00.217",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32415"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021964"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-2840 (GCVE-0-2017-2840)
Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 18:19
VLAI?
Summary
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EZB Systems | UltraISO |
Affected:
9.6.6.3300
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraISO",
"vendor": "EZB Systems",
"versions": [
{
"status": "affected",
"version": "9.6.6.3300"
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:13",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "100084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraISO",
"version": {
"version_data": [
{
"version_value": "9.6.6.3300"
}
]
}
}
]
},
"vendor_name": "EZB Systems"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100084"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2840",
"datePublished": "2018-04-24T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:19:06.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5255 (GCVE-0-2010-5255)
Vulnerability from cvelistv5 – Published: 2012-09-07 10:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41227"
},
{
"name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
"refsource": "MISC",
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5255",
"datePublished": "2012-09-07T10:00:00Z",
"dateReserved": "2012-09-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:32.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1260 (GCVE-0-2009-1260)
Vulnerability from cvelistv5 – Published: 2009-04-07 23:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"refsource": "OSVDB",
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1260",
"datePublished": "2009-04-07T23:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3871 (GCVE-0-2008-3871)
Vulnerability from cvelistv5 – Published: 2009-04-01 17:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32415"
},
{
"name": "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource": "MISC",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "http://secunia.com/secunia_research/2008-48/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3871",
"datePublished": "2009-04-01T17:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4825 (GCVE-0-2008-4825)
Vulnerability from cvelistv5 – Published: 2009-04-01 17:00 – Updated: 2024-08-07 10:31
VLAI?
Summary
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-4825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32415"
},
{
"name": "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource": "MISC",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021964"
},
{
"name": "http://secunia.com/secunia_research/2008-49/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-4825",
"datePublished": "2009-04-01T17:00:00",
"dateReserved": "2008-10-31T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2840 (GCVE-0-2017-2840)
Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 18:19
VLAI?
Summary
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EZB Systems | UltraISO |
Affected:
9.6.6.3300
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraISO",
"vendor": "EZB Systems",
"versions": [
{
"status": "affected",
"version": "9.6.6.3300"
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:13",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "100084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraISO",
"version": {
"version_data": [
{
"version_value": "9.6.6.3300"
}
]
}
}
]
},
"vendor_name": "EZB Systems"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100084"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2840",
"datePublished": "2018-04-24T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:19:06.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5255 (GCVE-0-2010-5255)
Vulnerability from nvd – Published: 2012-09-07 10:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41227"
},
{
"name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
"refsource": "MISC",
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5255",
"datePublished": "2012-09-07T10:00:00Z",
"dateReserved": "2012-09-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:32.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1260 (GCVE-0-2009-1260)
Vulnerability from nvd – Published: 2009-04-07 23:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ultraiso-ccd-img-bo(49672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49672"
},
{
"name": "34363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34363"
},
{
"name": "53275",
"refsource": "OSVDB",
"url": "http://osvdb.org/53275"
},
{
"name": "ADV-2009-0935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0935"
},
{
"name": "8343",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1260",
"datePublished": "2009-04-07T23:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3871 (GCVE-0-2008-3871)
Vulnerability from nvd – Published: 2009-04-01 17:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502324/100/0/threaded"
},
{
"name": "1021965",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021965"
},
{
"name": "32415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32415"
},
{
"name": "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource": "MISC",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "http://secunia.com/secunia_research/2008-48/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-48/"
},
{
"name": "34325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3871",
"datePublished": "2009-04-01T17:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4825 (GCVE-0-2008-4825)
Vulnerability from nvd – Published: 2009-04-01 17:00 – Updated: 2024-08-07 10:31
VLAI?
Summary
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "32415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-4825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32415"
},
{
"name": "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource": "MISC",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021964"
},
{
"name": "http://secunia.com/secunia_research/2008-49/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-4825",
"datePublished": "2009-04-01T17:00:00",
"dateReserved": "2008-10-31T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}