CVE-2007-2888 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ezb Systems	Ultraiso

Configuration 1 [-]

cpe:2.3:a:ezb_systems:ultraiso:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/36570
http://secunia.com/advisories/25384
http://www.securityfocus.com/bid/24140
https://exchange.xforce.ibmcloud.com/vulnerabilities/34485
https://www.exploit-db.com/exploits/3978

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-30T01:00:00

Updated: 2024-08-07T13:57:54.256Z

Reserved: 2007-05-29T00:00:00

Link: CVE-2007-2888

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-30T01:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2888

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24140"}, {"name": "ultraiso-cuefile-bo(34485)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34485"}, {"name": "36570", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36570"}, {"name": "25384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25384"}, {"name": "3978", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3978"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24140"}, {"name": "ultraiso-cuefile-bo(34485)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34485"}, {"name": "36570", "refsource": "OSVDB", "url": "http://osvdb.org/36570"}, {"name": "25384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25384"}, {"name": "3978", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3978"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.256Z"}, "title": "CVE Program Container", "references": [{"name": "24140", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24140"}, {"name": "ultraiso-cuefile-bo(34485)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34485"}, {"name": "36570", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36570"}, {"name": "25384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25384"}, {"name": "3978", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3978"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2888", "datePublished": "2007-05-30T01:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.256Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ezb_systems:ultraiso:*:*:*:*:*:*:*:*", "matchCriteriaId": "3298648D-3242-4FED-80AE-B89B86C86B9A", "versionEndIncluding": "8.6.2.2011", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en UltraISO 8.6.2.2011 y anteriores permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena de caracteres larga en FILE (nombre de archivo) en el archivo .cue, un problema relacionado con CVE-2007-2761. NOTA: algunos detalles han sido obtenidos de informaci\u00f3n de terceras partes."}], "evaluatorImpact": "Successful exploitation requires that the targeted user has the .BIN file in the same directory as the .CUE file.\r\n", "id": "CVE-2007-2888", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-30T01:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36570"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/25384"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24140"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34485"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3978"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/25384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3978"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}