Vulnerabilities > CVE-2008-3871 - USE of Externally-Controlled Format String vulnerability in Ezbsystems Ultraiso 9.3.1.2633
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34325 CVE(CAN) ID: CVE-2008-4825,CVE-2008-3871 UltraISO软碟通是一款功能强大而又方便实用的软碟文件制作/编辑/转换工具。 UltraISO在处理DAA和ISZ文件名时存在格式串漏洞,如果用户受骗打开了名称中包含有格式串标识符的特制文件的话,就可能导致执行任意代码。 如果用户受骗使用UltraISO打开了畸形的CIF、C2D或GI文件的话,就可能触发多个缓冲区溢出,导致执行任意代码。 EZB Systems UltraISO 9.3.1.2633 EZB Systems ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.ezbsystems.com/ultraiso/download.htm target=_blank rel=external nofollow>http://www.ezbsystems.com/ultraiso/download.htm</a> |
| id | SSV:4985 |
| last seen | 2017-11-19 |
| modified | 2009-04-02 |
| published | 2009-04-02 |
| reporter | Root |
| title | UltraISO文件解析多个安全漏洞 |
References
- http://secunia.com/advisories/32415
- http://secunia.com/secunia_research/2008-48/
- http://www.ezbsystems.com/ultraiso/history.htm
- http://www.securityfocus.com/archive/1/502324/100/0/threaded
- http://www.securityfocus.com/bid/34325
- http://www.securitytracker.com/id?1021965
- http://www.vupen.com/english/advisories/2009/0903