Security update for image tool UltraISO
Three vulnerabilities have been fixed in the 9.3.3.2685 release of UltraISO that could have allowed an attacker to compromise a users system. UltraISO from EZB Systems is a tool to create, edit and convert CD and DVD ISO image files.
According to the security service provider Secunia, vulnerabilities in the parsing of CIF, C2D and GI files can be exploited in previous versions of UltraISO to cause a buffer overflow that could allow for the execution of malicious code. In order for an attack to be successful, the attacker must first convince the user to open one of the specially crafted files on their system.
See also:
- UltraISO Image Parsing Buffer Overflow Vulnerabilities, advisory from Secunia Research.
(crve)