PT-2006-3079 · Epuz · Ultraiso

Sowhat

Published

2006-04-29

Updated

2018-10-18

CVE-2006-2099

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions UltraISO version 8.0.0.1392

Description The issue allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image, potentially leading to unauthorized file system modifications.

Recommendations For UltraISO version 8.0.0.1392, consider avoiding the use of ISO images from untrusted sources until a patch is available. As a temporary workaround, restrict access to sensitive file systems to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2099

Affected Products

Ultraiso

PT-2006-3079 · Epuz · Ultraiso

CVE-2006-2099

Related Identifiers

Affected Products

References · 10