Computer Security


UltraISO multiple security vulnerabilities
Published: 01.04.2009
Source:
SecurityVulns ID: 9782
Type: local
Threat Level: 5/10
Description: Format string vulnerability via image filename. Buffer overflows when parsing different disk image formats.
Affected: ULTRAISO : UltraISO 9.3
CVE: CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.)
 CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.)
Original document: SECUNIA, Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities (01.04.2009)
 SECUNIA, Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities (01.04.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod