CVEs-PoC/2017/CVE-2017-13083.md

### [CVE-2017-13083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13083)
![](https://img.shields.io/static/v1?label=Product&message=Rufus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%3A%20Improper%20Certificate%20Validation%0A&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347%3A%20Improper%20Verification%20of%20Cryptographic%20Signature&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-494%3A%20Download%20of%20Code%20Without%20Integrity%20Check&color=brighgreen)

### Description

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon