Vulnerabilities > CVE-2009-1260 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ezbsystems Ultraiso

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ezbsystems

CWE-119

critical

exploit available

metasploit

NVD

Published: 2009-04-07

Updated: 2017-09-29

Summary

Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.

Vulnerable Configurations

Part	Description	Count
Application	Ezbsystems Ezbsystems Ultraiso 3.1 Ezbsystems Ultraiso 3.1_Sr1 Ezbsystems Ultraiso 3.1_Sr2 Ezbsystems Ultraiso 4.0 Ezbsystems Ultraiso 4.1 Ezbsystems Ultraiso 4.5 Ezbsystems Ultraiso 5.0 Ezbsystems Ultraiso 5.1 Ezbsystems Ultraiso 5.55 Ezbsystems Ultraiso 5.55_Sr-1 Ezbsystems Ultraiso 5.55_Sr-2 Ezbsystems Ultraiso 6.0 Ezbsystems Ultraiso 6.1 Ezbsystems Ultraiso 6.5 Ezbsystems Ultraiso 6.51 Ezbsystems Ultraiso 6.52 Ezbsystems Ultraiso 6.52_Sr-1 Ezbsystems Ultraiso 6.52_Sr-2 Ezbsystems Ultraiso 6.56_Sr-1 Ezbsystems Ultraiso 6.56_Sr-2 Ezbsystems Ultraiso 7.0 Ezbsystems Ultraiso 7.1 Ezbsystems Ultraiso 7.5 Ezbsystems Ultraiso 7.6 Ezbsystems Ultraiso 7.21_Sr-1 Ezbsystems Ultraiso 7.21_Sr-2 Ezbsystems Ultraiso 7.22_Me Ezbsystems Ultraiso 7.23 Ezbsystems Ultraiso 7.25 Ezbsystems Ultraiso 7.51 Ezbsystems Ultraiso 7.52 Ezbsystems Ultraiso 7.55 Ezbsystems Ultraiso 7.56 Ezbsystems Ultraiso 7.62 Ezbsystems Ultraiso 7.65 Ezbsystems Ultraiso 7.65_Sr-2 Ezbsystems Ultraiso 7.66 Ezbsystems Ultraiso 8 Ezbsystems Ultraiso 8.2 Ezbsystems Ultraiso 8.6 Ezbsystems Ultraiso 8.12 Ezbsystems Ultraiso 8.51 Ezbsystems Ultraiso 8.61 Ezbsystems Ultraiso 8.62 Ezbsystems Ultraiso 8.63 Ezbsystems Ultraiso 8.65 Ezbsystems Ultraiso 8.66 Ezbsystems Ultraiso 9.0 Ezbsystems Ultraiso 9.1.2 Ezbsystems Ultraiso 9.2 Ezbsystems Ultraiso 9.3 Ezbsystems Ultraiso 9.3.1 Ezbsystems Ultraiso 9.3.2 Ezbsystems Ultraiso *	54

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

description	UltraISO CCD File Parsing Buffer Overflow. CVE-2009-1260. Local exploit for windows platform
id	EDB-ID:16666
last seen	2016-02-02
modified	2010-04-30
published	2010-04-30
reporter	metasploit
source	https://www.exploit-db.com/download/16666/
title	UltraISO CCD File Parsing Buffer Overflow

description	UltraISO <= 9.3.3.2685 CCD/IMG Universal Buffer Overflow Exploit. CVE-2009-1257,CVE-2009-1260. Local exploit for windows platform
file	exploits/windows/local/8343.pl
id	EDB-ID:8343
last seen	2016-02-01
modified	2009-04-03
platform	windows
port
published	2009-04-03
reporter	SkD
source	https://www.exploit-db.com/download/8343/
title	UltraISO <= 9.3.3.2685 CCD/IMG Universal Buffer Overflow Exploit
type	local

Metasploit

description	This module exploits a stack-based buffer overflow in EZB Systems, Inc's UltraISO. When processing .CCD files, data is read from file into a fixed-size stack buffer. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an CCD file. NOTE: A file with the same base name, but the extension of "img" must also exist. Opening either file will trigger the vulnerability, but the files must both exist.
id	MSF:EXPLOIT/WINDOWS/FILEFORMAT/ULTRAISO_CCD
last seen	2020-03-09
modified	2017-07-24
published	2010-03-24
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1260
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ultraiso_ccd.rb
title	UltraISO CCD File Parsing Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/87623/ultraiso_ccd.rb.txt
id	PACKETSTORM:87623
last seen	2016-12-05
published	2010-03-25
reporter	jduck
source	https://packetstormsecurity.com/files/87623/UltraISO-CCD-File-Parsing-Buffer-Overflow.html
title	UltraISO CCD File Parsing Buffer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Metasploit

Packetstorm

References