CVE-2022-32168

Summary

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Affected Software

VendorProductVersion RangeStatus
notepad-plus-plusnotepad-plus-plusv8.3 < unspecifiedaffected
notepad-plus-plusnotepad-plus-plusunspecified <= v8.4.4affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References