CVE-2008-3871

Published: Apr 1, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20090401 Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

1021965

vdb-entry

x_refsource_SECTRACK

32415

third-party-advisory

x_refsource_SECUNIA

http://www.ezbsystems.com/ultraiso/history.htm

x_refsource_MISC

http://secunia.com/secunia_research/2008-48/

x_refsource_MISC

34325

vdb-entry

x_refsource_BID

ADV-2009-0903

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-3871

Description

Affected Products

References