[SAFE-ID: JIWO-2024-205]   Author: 枫叶 Posted: [2017-08-03]


Talos Vulnerability Report
TALOS-2017-0342
EZB Systems UltraISO ISO Parsing Code Execution Vulnerability

AUGUST 1, 2017

[Source: jiwo.org]

CVE NUMBER

CVE-2017-2840


Summary
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can trigger the overflow, potentially resulting in code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.


Tested Versions

UltraISO 9.6.6.3300


Product URLs

https://www.ezbsystems.com/ultraiso


CVSSv3 Score

8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Details

This vulnerability can be triggered by providing a specially crafted .ISO file and opening it with the UltraISO software.

After the "NM" entry is located in the .ISO file, UltraISO executes the _strncpy function with a maxlen argument calculated directly from the ISO header's byte field NM_hdr.len, the length of the alternate name.

UltraISO assumes this field is always larger than 5 bytes; however, if an attacker forces it to be less than that value, the maxlen parameter for the _strncpy function becomes extremely large (NM_hdr.len - 5, where the result is unsigned).

Later, the memset function (inside the _strncpy function) is executed with this extremely large size parameter, which leads to memory corruption.
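The length arithmetic described above, next to a bounds-checked version, as an added example (this is not UltraISO's code and not part of the Talos report). The function names, the sample entries, and the 5-byte header layout (2-byte "NM" signature, length, version, flags) are assumptions chosen to match the "NM_hdr.len - 5" computation in the text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed NM header size: signature (2) + len (1) + version (1) + flags (1). */
#define NM_HDR_SIZE 5u

/* Constructed sample entries (not taken from any real image). */
static const uint8_t SAMPLE_OK[]    = {'N', 'M', 8, 1, 0, 'a', 'b', 'c'};
static const uint8_t SAMPLE_SHORT[] = {'N', 'M', 3, 1, 0};
static char g_name[32];

/* The computation the report describes: unsigned subtraction, no lower bound. */
size_t nm_name_len_unchecked(uint8_t nm_len)
{
    return (size_t)nm_len - NM_HDR_SIZE;   /* wraps around when nm_len < 5 */
}

/* Hardened form: returns the name length, or -1 if the entry is malformed. */
int nm_copy_name(const uint8_t *entry, size_t avail, char *dst, size_t dst_size)
{
    if (avail < NM_HDR_SIZE || entry[0] != 'N' || entry[1] != 'M')
        return -1;
    uint8_t nm_len = entry[2];
    if (nm_len < NM_HDR_SIZE || nm_len > avail)   /* too short, or past the data */
        return -1;
    size_t name_len = (size_t)nm_len - NM_HDR_SIZE;   /* safe: nm_len >= 5 */
    if (dst_size == 0 || name_len >= dst_size)        /* leave room for the NUL */
        return -1;
    memcpy(dst, entry + NM_HDR_SIZE, name_len);
    dst[name_len] = '\0';
    return (int)name_len;
}

int main(void)
{
    printf("len=3 unchecked maxlen: %zu\n", nm_name_len_unchecked(3));
    printf("len=3 validated: %d\n",
           nm_copy_name(SAMPLE_SHORT, sizeof SAMPLE_SHORT, g_name, sizeof g_name));
    printf("len=8 validated: %d (%s)\n",
           nm_copy_name(SAMPLE_OK, sizeof SAMPLE_OK, g_name, sizeof g_name), g_name);
    return 0;
}
```

The unchecked result for a length of 3 is within two of SIZE_MAX, which is the "extremely big" maxlen the report refers to; the validated function rejects the same entry before any copy takes place.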


Crash Information


