Description
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.
Affected products
- Akeo Consulting / Rufus≤ 3.0 – ≤ 3.0
References
- MAILING_LISThttp://seclists.org/oss-sec/2018/q2/146