CVE-2009-1257

Magic ISO Maker 5.5 build 0274 - Heap-Based Buffer Overflow via Crafted CCD File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1257. PoCs published by Stack, SkD.

AI-analyzed exploit summary This exploit targets a heap overflow vulnerability in MagicISO's handling of CCD/CUE files. It crafts malicious files to trigger a crash, potentially allowing arbitrary code execution via controlled register overwrites.

Description

Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stack · perldoswindows
https://www.exploit-db.com/exploits/8462

This exploit targets a heap overflow vulnerability in MagicISO's handling of CCD/CUE files. It crafts malicious files to trigger a crash, potentially allowing arbitrary code execution via controlled register overwrites.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: MagicISO (version not specified)
No auth needed
Prerequisites: Victim must open the malicious CCD/CUE file in MagicISO
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SkD · perllocalwindows
https://www.exploit-db.com/exploits/8343

This exploit targets a buffer overflow vulnerability in UltraISO <= 9.3.3.2685 by crafting a malicious CCD/IMG file. The exploit triggers arbitrary code execution when the file is opened in UltraISO.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: UltraISO <= 9.3.3.2685
No auth needed
Prerequisites: Victim must open the malicious CCD/IMG file in UltraISO
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49673
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34595
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53262
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0940
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8343
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34574

Scores

EPSS 0.1388
EPSS Percentile 96.0%

Details

CWE
CWE-119
Status published
Products (1)
magic_iso_maker/magic_iso_maker 5.5
Published Apr 07, 2009
Tracked Since Feb 18, 2026