Xerubus

**Name of the Vulnerable Software and Affected Versions** Vyaire Medical CareFusion Upgrade Utility versions 2.0.2.2 and prior versions **Description** A security issue was found in the Vyaire Medical CareFusion Upgrade Utility, where an uncontrolled search path element allows for a potential exploit. This issue can be exploited if a local user installs a crafted DLL on the target machine, giving the attacker access at the same privilege level as the application. **Recommendations** For versions 2.0.2.2 and prior, consider restricting access to the Upgrade Utility until a fix is available, and avoid installing any untrusted DLLs on the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.