Secunia Research has discovered three vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user’s system. A boundary error when parsing CIF files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted CIF file. A boundary error when parsing C2D files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted C2D file. Insufficient validation when parsing GI files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted GI file. Successful exploitation allows execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76280/secunia-ultraisoimage.txt
Source: https://packetstormsecurity.com/files/76280/Secunia-Research-UltraISO-Image-Parsing.html