Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
References
Link | Resource |
---|---|
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e | Patch Third Party Advisory |
https://www.mend.io/vulnerability-database/CVE-2022-32168 | Exploit Third Party Advisory |
Configurations
History
29 Sep 2022, 16:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.mend.io/vulnerability-database/CVE-2022-32168 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e - Patch, Third Party Advisory | |
First Time |
Notepad-plus-plus
Notepad-plus-plus notepad\+\+ |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:notepad-plus-plus:notepad\+\+:*:*:*:*:*:*:*:* |
28 Sep 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-28 09:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-32168
Mitre link : CVE-2022-32168
CVE.ORG link : CVE-2022-32168
JSON object : View
Products Affected
notepad-plus-plus
- notepad\+\+
CWE
CWE-427
Uncontrolled Search Path Element