Description
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the kernel driver bootpt64.sys of Ezbsystems UltraISO Premium Edition up to 9.76 permits a local user to manipulate hidden functionality that results in improper access controls. This flaw can be exploited by an attacker with local access to elevate privileges on the affected system.

Affected Systems

The vulnerability affects Ezbsystems UltraISO Premium Edition versions up to 9.76. Those systems that run the bootpt64.sys driver are susceptible; no specific subversions are listed beyond the 9.76 cut‑off.

Risk and Exploitability

The flaw carries a CVSS score of 8.5, indicating a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, which suggests limited evidence of real‑world exploitation. However, the requirement for local access and the lack of a publicly known exploit means the attack vector is likely internal. If an attacker can run code locally on the host, they could gain elevated privileges through the driver’s improper access controls.

Generated by OpenCVE AI on June 21, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify all installations of UltraISO Premium Edition on the network and remove or disable the bootpt64.sys kernel driver until a fix is released.
  • Enforce strict file permissions so that only administrators can load the driver; use Device Guard or similar policies to block unauthorized kernel modules.
  • Monitor official Ezbsystems channels and vulnerability databases for an update or patch, and upgrade the software as soon as a fix becomes available.
  • Apply a least‑privilege model by restricting user accounts from running UltraISO with elevated privileges.

Generated by OpenCVE AI on June 21, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Ezbsystems UltraISO Premium Edition Kernel Driver bootpt64.sys access control
First Time appeared Ezbsystems
Ezbsystems ultraiso Premium Edition
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:ezbsystems:ultraiso_premium_edition:*:*:*:*:*:*:*:*
Vendors & Products Ezbsystems
Ezbsystems ultraiso Premium Edition
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Ezbsystems Ultraiso Premium Edition
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T13:37:02.522Z

Reserved: 2026-06-20T09:54:11.353Z

Link: CVE-2026-12786

cve-icon Vulnrichment

Updated: 2026-06-22T13:36:58.121Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:03:52Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control