Lucene search
JpcertCVELIST:CVE-2022-46662HistoryDec 21, 2022 - 12:00 a.m.
CVE-2022-46662
2022-12-2100:00:00
jpcert
www.cve.org
roxio creator
ljb
unquoted file path
vulnerability
windows service
executable
privilege escalation
0.001 Low
EPSS
Percentile
40.6%
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)
CNA Affected
[
{
"vendor": "Corel Corporation",
"product": "Roxio Creator LJB",
"versions": [
{
"version": "version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A",
"status": "affected"
}
]
}
]Related
jvn
jvn
nvd
nvd
CVE-2022-46662
2022-12-21 09:15:08
prion
prion
Design/Logic Flaw
2022-12-21 09:15:00
cve
cve
CVE-2022-46662
2022-12-21 09:15:08