Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-m44g-p9qr-3bck |
|---|
| Summary | Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability. |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
426 |
| name |
Untrusted Search Path |
| description |
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
|
| 1 |
| cwe_id |
427 |
| name |
Uncontrolled Search Path Element |
| description |
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 6.8 - 6.8 |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-m44g-p9qr-3bck |
|---|