Cisco Talos recently discovered a memory corruption vulnerability in PowerISO.
TALOS-2022-1644 (CVE-2022-41992) is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.3. A specially crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. The vulnerability exists because the "Num of blocks" value from the CXSPARSE record is not validated properly. An attacker can control the loop counter leading to arbitrary memory write.
Cisco Talos worked with PowerISO to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Although PowerISO has fixed this issue, they did not change the version number on the fixed release. Users should confirm that they are running PowerISO, version 8.3 with the most recent bug fixes. Talos tested and confirmed this version of PowerISO could be exploited by this vulnerability.
The following Snort rules will detect exploitation attempts against this vulnerability: 60805-60806. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.