Vulnerabilities > CVE-2022-32168 - Unspecified vulnerability in Notepad-Plus-Plus Notepad++

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

notepad-plus-plus

NVD

Published: 2022-09-28

Updated: 2024-11-21

Summary

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Vulnerable Configurations

Part	Description	Count
Application	Notepad-Plus-Plus Notepad Plus Plus Notepad++ 8.3 Notepad Plus Plus Notepad++ 8.3.1 Notepad Plus Plus Notepad++ 8.3.2 Notepad Plus Plus Notepad++ 8.3.3 Notepad Plus Plus Notepad++ 8.4 Notepad Plus Plus Notepad++ 8.4.1 Notepad Plus Plus Notepad++ 8.4.2 Notepad Plus Plus Notepad++ 8.4.3 Notepad Plus Plus Notepad++ 8.4.4	9

References

https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
https://www.mend.io/vulnerability-database/CVE-2022-32168
https://www.mend.io/vulnerability-database/CVE-2022-32168