Vulnerability Description
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Notepad-Plus-Plus | Notepad\+\+ | >= 8.3, < 8.4.5 |
Related Weaknesses (CWE)
References
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a84PatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-32168ExploitThird Party Advisory
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a84PatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-32168ExploitThird Party Advisory
FAQ
What is CVE-2022-32168?
CVE-2022-32168 is a vulnerability with a CVSS score of 7.8 (HIGH). Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
How severe is CVE-2022-32168?
CVE-2022-32168 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32168?
Check the references section above for vendor advisories and patch information. Affected products include: Notepad-Plus-Plus Notepad\+\+.