mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
110 lines
3.2 KiB
JSON
110 lines
3.2 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2022-32168",
|
||
|
|
"sourceIdentifier": "vulnerabilitylab@mend.io",
|
||
|
|
"published": "2022-09-28T09:15:09.520",
|
||
|
|
"lastModified": "2022-09-29T16:22:15.200",
|
||
|
|
"vulnStatus": "Analyzed",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"lang": "es",
|
||
|
|
"value": "Notepad++ versiones 8.4.1 y anteriores, son vulnerables a un secuestro de DLL, donde un atacante puede reemplazar la dll vulnerable (UxTheme.dll) por su propia dll y ejecutar c\u00f3digo arbitrario en el contexto de Notepad++"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {
|
||
|
|
"cvssMetricV31": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "3.1",
|
||
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
|
|
"attackVector": "LOCAL",
|
||
|
|
"attackComplexity": "LOW",
|
||
|
|
"privilegesRequired": "NONE",
|
||
|
|
"userInteraction": "REQUIRED",
|
||
|
|
"scope": "UNCHANGED",
|
||
|
|
"confidentialityImpact": "HIGH",
|
||
|
|
"integrityImpact": "HIGH",
|
||
|
|
"availabilityImpact": "HIGH",
|
||
|
|
"baseScore": 7.8,
|
||
|
|
"baseSeverity": "HIGH"
|
||
|
|
},
|
||
|
|
"exploitabilityScore": 1.8,
|
||
|
|
"impactScore": 5.9
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"source": "vulnerabilitylab@mend.io",
|
||
|
|
"type": "Secondary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "3.1",
|
||
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
|
||
|
|
"attackVector": "LOCAL",
|
||
|
|
"attackComplexity": "LOW",
|
||
|
|
"privilegesRequired": "HIGH",
|
||
|
|
"userInteraction": "REQUIRED",
|
||
|
|
"scope": "UNCHANGED",
|
||
|
|
"confidentialityImpact": "HIGH",
|
||
|
|
"integrityImpact": "HIGH",
|
||
|
|
"availabilityImpact": "HIGH",
|
||
|
|
"baseScore": 6.5,
|
||
|
|
"baseSeverity": "MEDIUM"
|
||
|
|
},
|
||
|
|
"exploitabilityScore": 0.6,
|
||
|
|
"impactScore": 5.9
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "vulnerabilitylab@mend.io",
|
||
|
|
"type": "Primary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-427"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"configurations": [
|
||
|
|
{
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
|
||
|
|
"versionStartIncluding": "8.3",
|
||
|
|
"versionEndExcluding": "8.4.5",
|
||
|
|
"matchCriteriaId": "CC679137-8D40-4D8B-B833-A3F8DFD55840"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e",
|
||
|
|
"source": "vulnerabilitylab@mend.io",
|
||
|
|
"tags": [
|
||
|
|
"Patch",
|
||
|
|
"Third Party Advisory"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32168",
|
||
|
|
"source": "vulnerabilitylab@mend.io",
|
||
|
|
"tags": [
|
||
|
|
"Exploit",
|
||
|
|
"Third Party Advisory"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|