mirror of
https://github.com/pbatard/rufus.git
synced 2025-06-04 00:29:00 -04:00
622e60659c
* Current Rufus and earlier versions (when compiled with MinGW) suffer from a side-loading vulnerability due to cfgmgr32.dll being attempted to be loaded from the same directory as the executable. This may result in someone being able to execute elevated malicious code if they already have gained user-level access to the platform and were able to drop an arbitrary cfgmgr32.dll in the same directory as rufus. * While we were able to address similar vulnerabilities using delay-loading, this method does not appear to work for MinGW with this specific DLL, so we remove all the implicit CM_ function calls, that result in automated DLL loading that cannot be mitigated, to replace them with direct DLL hooks, which are not subject to Windows' default (vulnerable) DLL lookup behaviour. We still add the def for the delay loading in case we manage to find how to delay load cfgmgr32 with MinGW in the future... * Fixes CVE-2025-26624 (https://github.com/pbatard/rufus/security/advisories/GHSA-p8p5-r296-g2jv). * This vulnerability was discovered by @EmperialX working with @Shauryae1337 and reported by @EmperialX. |
||
|---|---|---|
| .. | ||
| cfgmgr32.def | ||
| dwmapi.def | ||
| Makefile.am | ||
| Makefile.in | ||
| version.def | ||
| virtdisk.def | ||
| wininet.def | ||
| wintrust.def | ||