Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.
[
{
"product": "Rufus",
"vendor": "Akeo Consulting",
"versions": [
{
"status": "affected",
"version": "≤ 3.0"
}
]
}
]