CVE-2007-2888

UltraISO <8.6.2.2011 - Buffer Overflow

Exploitation Summary

EIP tracks 5 public exploits for CVE-2007-2888. PoCs published by Metasploit, Thomas Pollet, n00b, including Metasploit module exploits/windows/fileformat/ultraiso_cue.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in UltraISO by crafting a malicious .CUE file. It leverages a fixed offset and return address to execute arbitrary payloads when the file is opened.

Description

Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16627

This Metasploit module exploits a stack-based buffer overflow in UltraISO by crafting a malicious .CUE file. It leverages a fixed offset and return address to execute arbitrary payloads when the file is opened.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UltraISO v8.6.2.2011 portable, UltraISO v8.6.0.1936
No auth needed
Prerequisites: Victim must open the malicious .CUE file · A corresponding .BIN file must exist
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Thomas Pollet · python · local · windows
https://www.exploit-db.com/exploits/4002

This exploit targets a buffer overflow vulnerability in UltraISO by crafting a malicious .cue file with a long string of 'B' characters followed by a return address and shellcode. The shellcode is designed to execute calc.exe, demonstrating arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UltraISO (version not specified)
No auth needed
Prerequisites: Victim must open the malicious .cue file in UltraISO
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by n00b · c++ · local · windows
https://www.exploit-db.com/exploits/4001

This exploit targets a local buffer overflow in UltraISO <= 8.6.2.2011 by crafting malicious .cue and .bin files. It uses a hardcoded JMP ESP address and shellcode to execute calc.exe.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UltraISO <= 8.6.2.2011
No auth needed
Prerequisites: Victim must open the malicious .cue file in UltraISO · Presence of the crafted .bin file in the same directory
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by n00b · perl · dos · windows
https://www.exploit-db.com/exploits/3978

This Perl script generates a malformed CUE file and a BIN file to trigger a stack-based buffer overflow in UltraISO 8.6.2.2011, allowing control over EIP and EBP registers. It demonstrates the vulnerability but does not include a full exploit payload.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UltraISO 8.6.2.2011
No auth needed
Prerequisites: Victim must open the crafted CUE file in UltraISO · BIN file must be in the same directory as the CUE file
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by n00b, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ultraiso_cue.rb

This Metasploit module exploits a stack-based buffer overflow in UltraISO by crafting a malicious .CUE file. The exploit leverages a fixed-size stack buffer vulnerability to execute arbitrary code when the file is opened.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UltraISO v8.6.2.2011 portable and v8.6.0.1936
No auth needed
Prerequisites: Victim must open the malicious .CUE file · A corresponding .BIN file must exist with the same base name
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24140
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34485
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36570
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25384
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3978

Scores

EPSS 0.8148
EPSS Percentile 99.2%

Details

Status published
Products (1)
ezb_systems/ultraiso < 8.6.2.2011
Published May 30, 2007
Tracked Since Feb 18, 2026