Rufus
Monthly
Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.
Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.