Format String Vulnerabilities in UltraISO by EZB Systems
CVE-2008-3871

Currently unrated

Key Information:

Vendor: Ezbsystems
Status: Ultraiso
Vendor: CVE Published:; 1 April 2009

What is CVE-2008-3871?

Multiple format string vulnerabilities exist in UltraISO that enable user-assisted attackers to execute arbitrary code through malformed format string specifiers included in the filename of DAA or ISZ files. This exploitation can occur when attackers craft specific filenames that target the vulnerability, allowing them to gain unauthorized control over the affected system. Users of UltraISO versions prior to 9.3.3.2685 are particularly at risk, as they may inadvertently invoke these vulnerabilities.

References

http://www.securityfocus.com/archive/1/502324/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id?1021965

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/32415

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2009
Vulnerability Reserved
Aug 29, 2008

CVE-2008-3871 Data

JSON

Ezbsystems

What is CVE-2008-3871?

References

Timeline