Untrusted Search Path Vulnerability in UltraISO by EZB Systems
CVE-2010-5255

Currently unrated

Key Information:

Vendor: Ezbsystems
Status: Ultraiso
Vendor: CVE Published:; 7 September 2012

What is CVE-2010-5255?

The vulnerability in UltraISO version 9.3.6.2750 arises from an untrusted search path, which permits local users to execute malicious code by placing a crafted 'daemon.dll' file in the current working directory. If a user opens a directory containing a malicious .iso file, the application may inadvertently load the harmful DLL, allowing attackers to gain elevated privileges. This security flaw highlights the need for stringent code execution policies and user awareness to mitigate potential exploitation.

References

http://secunia.com/advisories/41227

third-party-advisoryx_refsource_SECUNIA

http://www.corelan.be:8800/index.php/2010/08/25/dll-hijac...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 7, 2012

CVE-2010-5255 Data

JSON

Ezbsystems

What is CVE-2010-5255?

References

Timeline