CVE-2007-2888 - Stack Buffer Overflow vulnerability in UltraISO Cue File

CVSS 7.6 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, high complexity, ezb-systems, exploit available, metasploit

Summary

Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. Successful exploitation requires that the targeted user has the .BIN file in the same directory as the .CUE file.

Vulnerable Configurations

Part         Description  Count
Application  Ezb_Systems  1

Exploit-Db

  • description: UltraISO <= 8.6.2.2011 (Cue/Bin Files) Local Buffer Overflow Exploit. CVE-2007-2888. Local exploit for windows platform
    id: EDB-ID:4001
    last seen: 2016-01-31
    modified: 2007-05-28
    published: 2007-05-28
    reporter: n00b
    source: https://www.exploit-db.com/download/4001/
    title: UltraISO <= 8.6.2.2011 Cue/Bin Files Local Buffer Overflow Exploit
  • description: UltraISO CUE File Parsing Buffer Overflow. CVE-2007-2888. Local exploit for windows platform
    id: EDB-ID:16627
    last seen: 2016-02-02
    modified: 2010-04-30
    published: 2010-04-30
    reporter: metasploit
    source: https://www.exploit-db.com/download/16627/
    title: UltraISO CUE File Parsing Buffer Overflow
  • description: UltraISO <= 8.6.2.2011 (Cue/Bin Files) Local Buffer Overflow PoC. CVE-2007-2888. Dos exploit for windows platform
    file: exploits/windows/dos/3978.pl
    id: EDB-ID:3978
    last seen: 2016-01-31
    modified: 2007-05-24
    platform: windows
    port:
    published: 2007-05-24
    reporter: n00b
    source: https://www.exploit-db.com/download/3978/
    title: UltraISO <= 8.6.2.2011 Cue/Bin Files Local Buffer Overflow PoC
    type: dos

Metasploit

description: This module exploits a stack-based buffer overflow in EZB Systems, Inc's UltraISO. When processing .CUE files, data is read from file into a fixed-size stack buffer. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open a CUE file. NOTE: A file with the same base name, but the extension of "bin" must also exist. Opening either file will trigger the vulnerability, but the files must both exist.
id: MSF:EXPLOIT/WINDOWS/FILEFORMAT/ULTRAISO_CUE
last seen: 2020-06-14
modified: 2017-07-24
published: 2010-03-29
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2888
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ultraiso_cue.rb
title: UltraISO CUE File Parsing Buffer Overflow

Packetstorm

data source: https://packetstormsecurity.com/files/download/87754/ultraiso_cue.rb.txt
id: PACKETSTORM:87754
last seen: 2016-12-05
published: 2010-03-30
reporter: jduck
source: https://packetstormsecurity.com/files/87754/UltraISO-CUE-File-Parsing-Buffer-Overflow.html
title: UltraISO CUE File Parsing Buffer Overflow