CVE-2009-1260

Exp

Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.

Published: 2009-04-07 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2009-1260 is rated High Exploit Risk (84.5/100): CVSS Critical severity, with high exploitation likelihood (EPSS 74.52%, 99th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2009-1260

EDB-ID Source Kind Published Link
16666 exploit_db edb 2010-04-30 Exploit-DB ↗
8343 exploit_db edb 2009-04-03 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2009-1260

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 76.82% 74.52% -2.30%
2 2025-03-29 74.52% 76.82% +2.30%
3 2025-03-19 74.52%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-1260

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2009-1260

Affected software / configurations for CVE-2009-1260

Vendor Product Version Raw CPE
ezbsystems ultraiso <= 9.3.3 cpe:2.3:a:ezbsystems:ultraiso:*:-:pe:*:*:*:*:*
ezbsystems ultraiso 3.1 cpe:2.3:a:ezbsystems:ultraiso:3.1:*:*:*:*:*:*:*
ezbsystems ultraiso 3.1_sr1 cpe:2.3:a:ezbsystems:ultraiso:3.1_sr1:*:*:*:*:*:*:*
ezbsystems ultraiso 3.1_sr2 cpe:2.3:a:ezbsystems:ultraiso:3.1_sr2:*:*:*:*:*:*:*
ezbsystems ultraiso 4.0 cpe:2.3:a:ezbsystems:ultraiso:4.0:*:*:*:*:*:*:*
ezbsystems ultraiso 4.1 cpe:2.3:a:ezbsystems:ultraiso:4.1:*:*:*:*:*:*:*
ezbsystems ultraiso 4.5 cpe:2.3:a:ezbsystems:ultraiso:4.5:*:*:*:*:*:*:*
ezbsystems ultraiso 5.0 cpe:2.3:a:ezbsystems:ultraiso:5.0:*:*:*:*:*:*:*
ezbsystems ultraiso 5.1 cpe:2.3:a:ezbsystems:ultraiso:5.1:*:*:*:*:*:*:*
ezbsystems ultraiso 5.55 cpe:2.3:a:ezbsystems:ultraiso:5.55:*:*:*:*:*:*:*
ezbsystems ultraiso 5.55_sr-1 cpe:2.3:a:ezbsystems:ultraiso:5.55_sr-1:*:*:*:*:*:*:*
ezbsystems ultraiso 5.55_sr-2 cpe:2.3:a:ezbsystems:ultraiso:5.55_sr-2:*:*:*:*:*:*:*
ezbsystems ultraiso 6.0 cpe:2.3:a:ezbsystems:ultraiso:6.0:*:*:*:*:*:*:*
ezbsystems ultraiso 6.1 cpe:2.3:a:ezbsystems:ultraiso:6.1:*:*:*:*:*:*:*
ezbsystems ultraiso 6.5 cpe:2.3:a:ezbsystems:ultraiso:6.5:*:*:*:*:*:*:*
ezbsystems ultraiso 6.51 cpe:2.3:a:ezbsystems:ultraiso:6.51:*:*:*:*:*:*:*
ezbsystems ultraiso 6.52 cpe:2.3:a:ezbsystems:ultraiso:6.52:*:*:*:*:*:*:*
ezbsystems ultraiso 6.52_sr-1 cpe:2.3:a:ezbsystems:ultraiso:6.52_sr-1:*:*:*:*:*:*:*
ezbsystems ultraiso 6.52_sr-2 cpe:2.3:a:ezbsystems:ultraiso:6.52_sr-2:*:*:*:*:*:*:*
ezbsystems ultraiso 6.56_sr-1 cpe:2.3:a:ezbsystems:ultraiso:6.56_sr-1:*:*:*:*:*:*:*
ezbsystems ultraiso 6.56_sr-2 cpe:2.3:a:ezbsystems:ultraiso:6.56_sr-2:*:*:*:*:*:*:*
ezbsystems ultraiso 7.0 cpe:2.3:a:ezbsystems:ultraiso:7.0:-:me:*:*:*:*:*
ezbsystems ultraiso 7.1 cpe:2.3:a:ezbsystems:ultraiso:7.1:-:me:*:*:*:*:*
ezbsystems ultraiso 7.5 cpe:2.3:a:ezbsystems:ultraiso:7.5:-:me:*:*:*:*:*
ezbsystems ultraiso 7.6 cpe:2.3:a:ezbsystems:ultraiso:7.6:-:me:*:*:*:*:*
ezbsystems ultraiso 7.21_sr-1 cpe:2.3:a:ezbsystems:ultraiso:7.21_sr-1:*:*:*:*:*:*:*
ezbsystems ultraiso 7.21_sr-2 cpe:2.3:a:ezbsystems:ultraiso:7.21_sr-2:*:*:*:*:*:*:*
ezbsystems ultraiso 7.22_me cpe:2.3:a:ezbsystems:ultraiso:7.22_me:*:*:*:*:*:*:*
ezbsystems ultraiso 7.23 cpe:2.3:a:ezbsystems:ultraiso:7.23:-:me:*:*:*:*:*
ezbsystems ultraiso 7.25 cpe:2.3:a:ezbsystems:ultraiso:7.25:-:me:*:*:*:*:*
ezbsystems ultraiso 7.51 cpe:2.3:a:ezbsystems:ultraiso:7.51:-:me:*:*:*:*:*
ezbsystems ultraiso 7.52 cpe:2.3:a:ezbsystems:ultraiso:7.52:-:me:*:*:*:*:*
ezbsystems ultraiso 7.55 cpe:2.3:a:ezbsystems:ultraiso:7.55:-:me:*:*:*:*:*
ezbsystems ultraiso 7.56 cpe:2.3:a:ezbsystems:ultraiso:7.56:-:me:*:*:*:*:*
ezbsystems ultraiso 7.62 cpe:2.3:a:ezbsystems:ultraiso:7.62:-:me:*:*:*:*:*
ezbsystems ultraiso 7.65 cpe:2.3:a:ezbsystems:ultraiso:7.65:-:me:*:*:*:*:*
ezbsystems ultraiso 7.65_sr-2 cpe:2.3:a:ezbsystems:ultraiso:7.65_sr-2:*:*:*:*:*:*:*
ezbsystems ultraiso 7.66 cpe:2.3:a:ezbsystems:ultraiso:7.66:-:me:*:*:*:*:*
ezbsystems ultraiso 8 cpe:2.3:a:ezbsystems:ultraiso:8:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.2 cpe:2.3:a:ezbsystems:ultraiso:8.2:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.6 cpe:2.3:a:ezbsystems:ultraiso:8.6:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.12 cpe:2.3:a:ezbsystems:ultraiso:8.12:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.51 cpe:2.3:a:ezbsystems:ultraiso:8.51:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.61 cpe:2.3:a:ezbsystems:ultraiso:8.61:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.62 cpe:2.3:a:ezbsystems:ultraiso:8.62:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.63 cpe:2.3:a:ezbsystems:ultraiso:8.63:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.65 cpe:2.3:a:ezbsystems:ultraiso:8.65:-:pe:*:*:*:*:*
ezbsystems ultraiso 8.66 cpe:2.3:a:ezbsystems:ultraiso:8.66:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.0 cpe:2.3:a:ezbsystems:ultraiso:9.0:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.1.2 cpe:2.3:a:ezbsystems:ultraiso:9.1.2:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.2 cpe:2.3:a:ezbsystems:ultraiso:9.2:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.3 cpe:2.3:a:ezbsystems:ultraiso:9.3:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.3.1 cpe:2.3:a:ezbsystems:ultraiso:9.3.1:-:pe:*:*:*:*:*
ezbsystems ultraiso 9.3.2 cpe:2.3:a:ezbsystems:ultraiso:9.3.2:-:pe:*:*:*:*:*

References for CVE-2009-1260

cvelogic Threat Intelligence