CVE-2018-25267
Local Buffer Overflow in UltraISO 9.7.1 Causes DoS Crash
Publication date: 2026-04-22
Last updated on: 2026-04-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ezbsystems | ultraiso | 9.7.1.3519 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow in the Output FileName field of the Make CD/DVD Image dialog in UltraISO 9.7.1.3519 and earlier. Detection involves identifying attempts to input a specially crafted filename string containing 304 bytes of data followed by SEH overwrite values.
Since the attack is local and triggered by user input in the application, network detection is unlikely. Instead, monitoring the UltraISO application for crashes or abnormal behavior when using the Make CD/DVD Image feature can help detect exploitation attempts.
No specific commands are provided in the available resources to detect this vulnerability automatically. However, you can monitor UltraISO process crashes or use application behavior monitoring tools to detect abnormal termination related to this buffer overflow.
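One way to do the crash monitoring described above is to query the Windows Application log for crash records of the UltraISO process. This is an added example, not a command from the advisory or the vendor; it assumes the executable is named UltraISO.exe and that crashes are logged by the "Application Error" provider as event ID 1000 with the usual field layout.

```powershell
# Added example: list "Application Error" crash events for UltraISO on this host.
# Assumptions (not from the advisory): image name UltraISO.exe; crashes are
# logged as Application event ID 1000 with the usual property layout
# (0 = application name, 1 = application version, 3 = faulting module,
#  6 = exception code).
$ImageName = 'UltraISO.exe'            # assumed executable name
$Affected  = [version]'9.7.1.3519'     # affected version named in the advisory
$Since     = (Get-Date).AddDays(-30)   # look-back window, adjust as needed

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Since
}

$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $ImageName } |
    ForEach-Object {
        $p   = $_.Properties
        $ver = $null
        # The version field may not parse on every build; treat that as unknown.
        $parsed = [version]::TryParse([string]$p[1].Value, [ref]$ver)
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            Host            = $_.MachineName
            AppVersion      = $p[1].Value
            FaultModule     = $p[3].Value
            ExceptionCode   = $p[6].Value
            InAffectedRange = $parsed -and ($ver -le $Affected)
        }
    }

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Output "No $ImageName crash events found since $Since."
}
```

A crash record alone does not show that this flaw was triggered; treat repeated crashes of an affected version as a prompt to review how the Make CD/DVD Image dialog was used on that host.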
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using the Output FileName field in the Make CD/DVD Image dialog with untrusted or specially crafted input that could trigger the buffer overflow.
Since the vulnerability is local and requires interaction with the UltraISO application, restricting access to UltraISO or upgrading to a version where this vulnerability is fixed (such as versions later than 9.7.1.3519) is recommended.
Monitor for updates or patches from UltraISO and apply them promptly to address this security issue.
Can you explain this vulnerability to me?
This vulnerability exists in UltraISO version 9.7.1.3519 and is a local buffer overflow issue in the Output FileName field of the Make CD/DVD Image dialog.
An attacker can exploit this by crafting a malicious filename string containing 304 bytes of data followed by values that overwrite the Structured Exception Handler (SEH) records.
When this specially crafted filename is pasted into the Output FileName field, it triggers a denial of service crash by overwriting SEH and SE handler records.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition.
By exploiting the buffer overflow in the Output FileName field, an attacker can cause the UltraISO application to crash, potentially disrupting normal operations.
Since the vulnerability requires local access and does not affect confidentiality or integrity, the impact is limited to availability.