Vulnerability Details CVE-2022-32168
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 7.8
References
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
- https://www.mend.io/vulnerability-database/CVE-2022-32168
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
- https://www.mend.io/vulnerability-database/CVE-2022-32168
Products affected by CVE-2022-32168
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.3
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.3.1
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.3.2
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.3.3
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.4
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.4.1
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.4.2
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.4.3
-
cpe:2.3:a:notepad-plus-plus:notepad++:8.4.4