Impact
A flaw in the kernel driver bootpt64.sys of Ezbsystems UltraISO Premium Edition up to 9.76 permits a local user to manipulate hidden functionality that results in improper access controls. This flaw can be exploited by an attacker with local access to elevate privileges on the affected system.
Affected Systems
The vulnerability affects Ezbsystems UltraISO Premium Edition versions up to 9.76. Those systems that run the bootpt64.sys driver are susceptible; no specific subversions are listed beyond the 9.76 cut‑off.
Risk and Exploitability
The flaw carries a CVSS score of 8.5, indicating a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, which suggests limited evidence of real‑world exploitation. However, the requirement for local access and the lack of a publicly known exploit means the attack vector is likely internal. If an attacker can run code locally on the host, they could gain elevated privileges through the driver’s improper access controls.
OpenCVE Enrichment