CVE-2017-2840

Published: Apr 24, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.

Affected (1)

Products: Ezbsystems: Ultraiso

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ezbsystems Ultraiso	Version 9.6.6.3300

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

http://www.securityfocus.com/bid/100084

Source: talos-cna@cisco.com

Broken Link

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/100084

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0342

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.