Title: Critical Vulnerability in Akeo Consulting Rufus 3.0 and Earlier: DLL Search Order Hijacking Enables Arbitrary Code Execution with Privilege Escalation

CVE-2019-1010100 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

Learn more about our Web App Pen Testing.