CVE-2018-25267
Received - Intake
Local Buffer Overflow in UltraISO 9.7.1 Causes DoS Crash

Publication date: 2026-04-22

Last updated on: 2026-04-29

Assigner: VulnCheck

Description
UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite values and paste it into the Output FileName field to trigger a denial of service crash.
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-29
Generated: 2026-06-16
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: ezbsystems
Product: ultraiso
Version / Range: 9.7.1.3519
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability exists in UltraISO version 9.7.1.3519 and is a local buffer overflow issue in the Output FileName field of the Make CD/DVD Image dialog.

An attacker can exploit this by crafting a malicious filename string containing 304 bytes of data followed by values that overwrite the Structured Exception Handler (SEH) records.

When this specially crafted filename is pasted into the Output FileName field, it triggers a denial of service crash by overwriting SEH and SE handler records.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

By exploiting the buffer overflow in the Output FileName field, an attacker can cause the UltraISO application to crash, potentially disrupting normal operations.

Since the vulnerability requires local access and does not affect confidentiality or integrity, the impact is limited to availability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability is a local buffer overflow in the Output FileName field of the Make CD/DVD Image dialog in UltraISO 9.7.1.3519 and earlier. Detection involves identifying attempts to input a specially crafted filename string containing 304 bytes of data followed by SEH overwrite values.

Since the attack is local and triggered by user input in the application, network detection is unlikely. Instead, monitoring the UltraISO application for crashes or abnormal behavior when using the Make CD/DVD Image feature can help detect exploitation attempts.

No specific commands are provided in the available resources to detect this vulnerability automatically. However, you can monitor UltraISO process crashes or use application behavior monitoring tools to detect abnormal termination related to this buffer overflow.
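
The crash monitoring described above can be done against the Windows Application log. The following is an added example, not taken from the advisory or from UltraISO; it assumes the process image is named UltraISO.exe and that crashes are recorded as "Application Error" event ID 1000 with the usual field order (application name, application version, ..., faulting module, ..., exception code, fault offset).

```powershell
# Added example: list recent UltraISO crash records from the Application log.
# Assumptions (not from the advisory): image name UltraISO.exe, crashes logged
# as "Application Error" event ID 1000 with the standard EventData field order.
$ProcessName     = 'UltraISO.exe'   # assumed image name
$AffectedVersion = '9.7.1.3519'     # version named in the CVE description
$Since           = (Get-Date).AddDays(-30)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Since
}

$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $ProcessName } |
    ForEach-Object {
        $code = [string]$_.Properties[6].Value
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            Computer        = $_.MachineName
            AppVersion      = $_.Properties[1].Value
            FaultModule     = $_.Properties[3].Value
            ExceptionCode   = $code
            FaultOffset     = $_.Properties[7].Value
            # 0xc0000005 is STATUS_ACCESS_VIOLATION, the typical result of a
            # corrupted exception handler chain being dispatched.
            AccessViolation = ($code -match 'c0000005')
            AffectedBuild   = ($_.Properties[1].Value -eq $AffectedVersion)
        }
    }

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Output "No $ProcessName crash events since $Since."
}
```

A crash event alone does not prove exploitation; repeated access violations on an affected build are a prompt to review what was pasted into the Make CD/DVD Image dialog on that host.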

Mitigation Strategies

To mitigate this vulnerability, do not paste untrusted or specially crafted input into the Output FileName field of the Make CD/DVD Image dialog, since such input could trigger the buffer overflow.

Since the vulnerability is local and requires interaction with the UltraISO application, restricting access to UltraISO or upgrading to a version where this vulnerability is fixed (such as versions later than 9.7.1.3519) is recommended.

Monitor for updates or patches from UltraISO and apply them promptly to address this security issue.
