Altera Quartus Prime Standard and Lite Installers Uncontrolled Search Path Element Vulnerability

A search order hijacking vulnerability has been identified in the Altera Quartus Prime Standard and Lite Edition Installers (SFX) for Windows, versions 23.1 through 24.1. This vulnerability allows for a binary planting attack, where malicious binaries can be planted and potentially executed, leading to unauthorized actions or privilege escalation. The issue does not affect the Linux versions of Quartus Prime.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation by allowing malicious binaries to be executed with elevated rights.

Remediation

Users are advised to upgrade to Quartus 25.1 Standard Edition or Quartus 25.1 Lite Edition. For those using older versions, downloading the individual installation files directly from the Altera download page will avoid this vulnerability, as these files are not affected.