CVE-2026-12786
Received - Intake
Improper Access Control in Ezbsystems UltraISO Kernel Driver

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulDB

Description
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-06-21
Last Modified: 2026-06-21
Generated: 2026-06-21
AI Q&A: 2026-06-21
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
ezbsystems | ultraiso_premium_edition | to 9.76 (inc)
CWE ID | Description
CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Executive Summary

CVE-2026-12786 is a local privilege escalation vulnerability found in Ezbsystems UltraISO Premium Edition up to version 9.76. It involves a signed kernel driver named bootpt64.sys that exposes a device called \\.\BootPart to standard users. This exposure allows users to mount physical disk ranges and perform read and write operations on the disk at a raw level without proper Windows access checks.

Because the driver opens the disk handle in kernel context without enforcing access controls, a standard user can read or write protected files by accessing disk sectors directly. This improper access control enables an unprivileged user to escalate their privileges locally by manipulating disk data that should be protected.

Impact Analysis

This vulnerability allows a local user with limited privileges to gain higher privileges on the affected system. By exploiting the improper access controls in the bootpt64.sys driver, an attacker can read and write protected files and disk sectors that are normally restricted.

Such privilege escalation can lead to unauthorized access to sensitive data, modification of system files, and potentially full control over the affected machine. This can compromise system integrity, confidentiality, and availability.

Detection Guidance

This vulnerability can be detected by checking for the presence of the signed kernel driver named bootpt64.sys used by UltraISO Premium Edition up to version 9.76. Specifically, you can verify if the device \\.\BootPart is accessible to standard users, which indicates the vulnerability.

Commands to help detect this include checking loaded drivers and device access permissions. For example, on Windows systems:

  • Use 'sc queryex type= driver' to list loaded drivers and check for bootpt64.sys.
  • Use 'icacls \\.\BootPart' to check the access control list on the BootPart device.
  • Attempt to open the device from a standard user context using PowerShell or a tool like Handle from Sysinternals to see if access is granted.

If standard users can open \\.\BootPart and perform read/write operations, the system is vulnerable.
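
The driver inventory and device-open checks described above, combined into one read-only PowerShell script. This is an added example, not part of the original advisory or any vendor tooling. It lists any driver service whose image is bootpt64.sys, then tries to open \\.\BootPart for read and closes the handle immediately, without sending any I/O control requests. The names BootPartCheck and TryOpenRead are chosen here for illustration.

```powershell
# Added example. Run once as a standard user and once elevated, then compare.
# 1. Inventory: any registered kernel driver whose image file is bootpt64.sys.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -match '\\bootpt64\.sys"?$' }
foreach ($d in $drivers) {
    # Strip the NT "\??\" prefix and surrounding quotes if the path carries them.
    $path = ($d.PathName -replace '^\\\?\?\\', '').Trim('"')
    $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service     = $d.Name
        State       = $d.State
        StartMode   = $d.StartMode
        Image       = $path
        FileVersion = (Get-Item $path -ErrorAction SilentlyContinue).VersionInfo.FileVersion
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
}
if (-not $drivers) { 'bootpt64.sys is not registered as a driver on this host.' }

# 2. Exposure: can the current token open the device for read?
Add-Type -Namespace BootPartCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern Microsoft.Win32.SafeHandles.SafeFileHandle CreateFileW(
    string name, uint access, uint share, IntPtr sa,
    uint disposition, uint flags, IntPtr template);

// Returns 0 if the open succeeded, otherwise the Win32 error code.
public static int TryOpenRead(string name) {
    // GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, OPEN_EXISTING
    using (var h = CreateFileW(name, 0x80000000, 3, IntPtr.Zero, 3, 0, IntPtr.Zero)) {
        return h.IsInvalid ? Marshal.GetLastWin32Error() : 0;
    }
}
'@

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
$code = [BootPartCheck.Native]::TryOpenRead('\\.\BootPart')
switch ($code) {
    0 { if ($elevated) { 'Opened, but this session is elevated: rerun as a standard user.' }
        else { 'EXPOSED: a non-elevated token opened \\.\BootPart for read.' } }
    2 { 'Device \\.\BootPart is not present (driver not loaded).' }
    5 { 'Access denied: the device is not openable by this token.' }
    default { "Open failed with Win32 error $code." }
}
```

Only the non-elevated result is meaningful for this CVE; an elevated session opening the device says nothing about standard-user exposure.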

Mitigation Strategies

Immediate mitigation steps include restricting access to the BootPart device to prevent standard users from opening it.

Specifically:

  • Modify the device's access control list (ACL) to remove Builtin Users or any non-administrative groups from accessing \\.\BootPart.
  • Disable or uninstall the vulnerable UltraISO Premium Edition version 9.76 or earlier until a patch is available.
  • Monitor for unusual read/write activity on physical disk devices that could indicate exploitation attempts.

The vendor has not responded with a patch, so these access restrictions and usage limitations are critical to reduce risk.

Compliance Impact

This vulnerability allows local users to escalate privileges by bypassing access controls on protected disk resources, potentially leading to unauthorized access and modification of sensitive data.

Such unauthorized access and data manipulation could result in violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.

Therefore, exploitation of this vulnerability may compromise compliance with these regulations by enabling attackers to access or alter protected data without proper authorization.
