Описание
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ezbsystems:ultraiso:9.3.1.2633:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00904
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-134
Связанные уязвимости
github
почти 4 года назад
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
EPSS
Процентиль: 75%
0.00904
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-134