Local Privilege Escalation in Rufus 4.6 and previous versions

Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability.

N/A

不可信的搜索路径

Rufus 代码问题漏洞

Rufus是Pete Batard个人开发者的一个可靠的 USB 格式化工具。 Rufus 4.6.2208版本及之前版本存在代码问题漏洞，该漏洞源于未正确验证DLL加载路径。攻击者利用该漏洞可以执行恶意代码。

N/A

N/A