Altera High Level Synthesis Compiler DLL Planting Vulnerability
Vulnerability
A DLL planting vulnerability has been identified in the Altera High Level Synthesis Compiler for Windows, specifically in versions up to 24.3. This vulnerability arises from an uncontrolled search path element, allowing malicious DLLs to be planted and potentially executed. The issue is present in a batch file within a design example, and the Linux version of the compiler is not affected.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of malicious DLLs, potentially allowing for privilege escalation.
Remediation
Altera recommends replacing the build.bat file in the affected design example with a version that does not contain the vulnerability. Additionally, write access to the 'C:\quartus\bin64' directory should be restricted to system administrators only.
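One way to verify the directory-permission step above, as an added example that is not part of Altera's advisory: a PowerShell audit that lists every non-administrative principal holding a write-capable ACE on the directory. The trusted-SID list and the set of rights in the mask are assumptions to adjust for your environment.

```powershell
# Added example (not from the advisory): list principals that can write to the tools directory.
param([string]$Path = 'C:\quartus\bin64')   # path taken from the advisory

# Assumption: only these SIDs count as administrative on this host.
$TrustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow creating or replacing a DLL, or rewriting the ACL itself.
# The two literals are GENERIC_WRITE and GENERIC_ALL, which appear in inheritable ACEs.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                   $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]
function Resolve-Sid($identity) {
    # Compare by SID so the check does not depend on localized account names.
    try { $identity.Translate($sidType).Value } catch { $identity.Value }
}

$acl = Get-Acl -LiteralPath $Path -ErrorAction Stop

$findings = @(foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
    $sid = Resolve-Sid $ace.IdentityReference
    if ($TrustedSids -contains $sid) { continue }
    [pscustomobject]@{
        Identity    = $ace.IdentityReference.Value
        Sid         = $sid
        Rights      = $ace.FileSystemRights
        Inherited   = $ace.IsInherited
        # Inherit-only ACEs apply to files and subfolders, not to the directory itself.
        InheritOnly = $ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)
    }
})

# The owner can always rewrite the DACL, so a non-administrative owner is also a finding.
$ownerSid = $acl.GetOwner($sidType).Value
if ($TrustedSids -notcontains $ownerSid) {
    Write-Warning "Owner $($acl.Owner) is not administrative and can rewrite the ACL"
}

if ($findings.Count) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No non-administrative write access found on $Path"
```

Rows with `Inherited` set to `True` come from a parent folder's ACL, so removing them means breaking inheritance on this directory or fixing the parent.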
