Lucene search

GoogleOSV:CVE-2022-32168

HistorySep 28, 2022 - 9:15 a.m.

CVE-2022-32168

2022-09-2809:15:09

Google

osv.dev

notepad++

version 8.4.1

dll hijacking

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

CPENameOperatorVersion
notepad-plus-pluseq8.1.5
notepad-plus-pluseq6.8.1
notepad-plus-pluseq6.2
notepad-plus-pluseq6
notepad-plus-pluseq6.8.3
notepad-plus-pluseq8.4.5
notepad-plus-pluseq5.6.5
notepad-plus-pluseq7.8.2
notepad-plus-pluseq8.3.1
notepad-plus-pluseq6.1.1

Name	Operator	Version
notepad-plus-plus	eq	8.1.5
notepad-plus-plus	eq	6.8.1
notepad-plus-plus	eq	6.2
notepad-plus-plus	eq	6
notepad-plus-plus	eq	6.8.3
notepad-plus-plus	eq	8.4.5
notepad-plus-plus	eq	5.6.5
notepad-plus-plus	eq	7.8.2
notepad-plus-plus	eq	8.3.1
notepad-plus-plus	eq	6.1.1

Rows per page:

1-10 of 1771

References

github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e

www.mend.io/vulnerability-database/CVE-2022-32168

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for OSV:CVE-2022-32168