oss-sec mailing list archives
CVE request: rufus
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Thu, 31 May 2018 18:05:19 +0200
Hi @ll, like its predecessors, the recently (2018-05-29) published version 3.0 of "Rufus" (<https://rufus.akeo.ie/downloads/rufus-3.0.exe> and <https://rufus.akeo.ie/downloads/rufus-3.0p.exe>) is riddled with bloody beginners errors, which allow arbitrary code execution WITH escalation of privilege. Vulnerability #1 ~~~~~~~~~~~~~~~~ See <https://cwe.mitre.org/data/definitions/426.html> and <https://cwe.mitre.org/data/definitions/427.html> plus <https://capec.mitre.org/data/definitions/471.html>. Additionally see Microsoft's developer guidance <https://technet.microsoft.com/en-us/library/2269637.aspx>, <https://msdn.microsoft.com/en-us/library/ff919712.aspx>, <https://msdn.microsoft.com/en-us/library/ms682586.aspx> und <http://blogs.technet.com/b/srd/archive/2014/05/13/load-library-safely.aspx> for avoiding this bloody beginner's error. Also see <https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html> and <http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html> plus <https://insights.sei.cmu.edu/cert/2016/06/bypassing-application-whitelisting.html> for "prior art". Vulnerability #2 ~~~~~~~~~~~~~~~~ See <https://cwe.mitre.org/data/definitions/377.html> and <https://cwe.mitre.org/data/definitions/379.html> plus <https://capec.mitre.org/data/definitions/29.html> stay tuned Stefan Kanthak
Current thread:
- CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Pete Batard (May 31)
- Re: CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Solar Designer (May 31)
- Re: CVE request: rufus Pete Batard (May 31)
- Re: CVE request: rufus Stefan Kanthak (Jun 01)
- Re: Re: CVE request: rufus Henri Salo (Jun 01)
- Re: Re: CVE request: rufus Lionel Debroux (Jun 01)
- Re: CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Pete Batard (May 31)