UltraISO Buffer Overflow Vulnerability Leading to Denial-of-Service

A local buffer overflow vulnerability has been identified in UltraISO version 9.7.1.3519. The issue resides in the Output FileName field of the Make CD/DVD Image dialog. This vulnerability allows attackers to overwrite Structured Exception Handling (SEH) records, leading to a denial-of-service condition where the application crashes. Exploitation involves crafting a filename string that includes 304 bytes of data followed by values that overwrite the SEH record, which can then be pasted into the Output FileName field to trigger the crash.

Impact

Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first run a Python script that generates a payload consisting of 304 bytes of 'A' characters followed by 8 bytes of 'B' and 'C' characters, which overwrite the SEH record. Save this payload to a text file. Then, open UltraISO and navigate to 'Tools' > 'Make CD/DVD Image'. Remove the default path in the Output FileName field and paste the contents of the text file into the field. Click 'Make' to trigger the crash.