CVE-2022-32168

notepad-plus-plus - DLL Hijacking

CVSS 7.8 HIGHEPSS 0.7%CWE-427

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

notepad-plus-plus · notepad-plus-plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e https://www.mend.io/vulnerability-database/CVE-2022-32168