EUVD-2008-3857

Malware in sbrugna...

UltraISO文件解析多个安全漏洞

BUGTRAQ ID: 34325 CVECAN ID: CVE-2008-4825,CVE-2008-3871 UltraISO软碟通是一款功能强大而又方便实用的软碟文件制作/编辑/转换工具。 UltraISO在处理DAA和ISZ文件名时存在格式串漏洞，如果用户受骗打开了名称中包含有格式串标识符的特制文件的话，就可能导致执行任意代码。 如果用户受骗使用UltraISO打开了畸形的CIF、C2D或GI文件的话，就可能触发多个缓冲区溢出，导致执行任意代码。 EZB Systems UltraISO 9.3.1.2633 EZB Systems -----------...

Format string

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a 1 DAA or 2 ISZ file...

CVE-2008-3871

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a 1 DAA or 2 ISZ file...

CVE-2008-3871

UltraISO 9.3.1.2633 (and possibly earlier versions) contains format string vulnerabilities in DAA/ISZ file name handling that can allow user‑assisted arbitrary code execution. Vendor reportedly fixed the issue in version 9.3.3.2685; multiple advisories and CVE entries confirm the flaw. No exploit...

Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities

====================================================================== Secunia Research 01/04/2009 - UltraISO Image Name Parsing Format String Vulnerabilities - ====================================================================== Table of Contents Affected...