CVE-2022-32168
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| notepad-plus-plus | notepad-plus-plus | v8.3 < unspecified | affected |
| notepad-plus-plus | notepad-plus-plus | unspecified <= v8.4.4 | affected |
Weaknesses
- CWE-427: CWE-427 Uncontrolled Search Path Element
ADP Enrichment
CVE Program Container
Additional References
- https://www.mend.io/vulnerability-database/CVE-2022-32168
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.mend.io/vulnerability-database/CVE-2022-32168
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.