exploitDog

CVE-2019-1010100

Опубликовано: 19 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

Ссылки

http://seclists.org/oss-sec/2018/q2/146
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2018/q2/146
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:akeo:rufus:*:*:*:*:*:*:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 59%

0.00388

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-v89q-99gq-qmgr

github

больше 3 лет назад

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

EPSS

Процентиль: 59%

0.00388

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-426