mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
109 lines
3.6 KiB
JSON
109 lines
3.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
|
|
"ID": "CVE-2022-32168",
|
|
"STATE": "PUBLIC",
|
|
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
|
|
"TITLE": "notepad-plus-plus - DLL Hijacking "
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "notepad-plus-plus",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "notepad-plus-plus",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "v8.3",
|
|
"version_affected": ">="
|
|
},
|
|
{
|
|
"version_value": "v8.4.4",
|
|
"version_affected": "<="
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Mend Vulnerability Research Team (MVR)"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"version": 3.1,
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32168",
|
|
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32168"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e",
|
|
"name": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-427 Uncontrolled Search Path Element"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Update version to v8.4.5 or later"
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "https://www.mend.io/vulnerability-database/",
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |