← back
CVE-2026-12786

Ezbsystems UltraISO Premium Edition Kernel Driver bootpt64.sys access control

CVSS 8.5 HIGHEPSS 0.1%CWE-266CWE-284
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Ezbsystems · UltraISO Premium Edition
public PoCs found1
cve_referencewinslow1984.com/books/cve-collection/page/ultraiso-premium-976-kernel-driver-bootpt64sys-local-privilege-escalationunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/cve/CVE-2026-12786https://vuldb.com/submit/835614https://vuldb.com/vuln/372528https://vuldb.com/vuln/372528/ctihttps://winslow1984.com/books/cve-collection/page/ultraiso-premium-976-kernel-driver-bootpt64sys-local-privilege-escalation