Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32168

Summary
Assigner-Mend
Assigner Org ID-478c68dd-22c1-4a41-97cd-654224dfacff
Published At-28 Sep, 2022 | 09:00
Updated At-21 May, 2025 | 14:14
Rejected At-
Credits

notepad-plus-plus - DLL Hijacking

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mend
Assigner Org ID:478c68dd-22c1-4a41-97cd-654224dfacff
Published At:28 Sep, 2022 | 09:00
Updated At:21 May, 2025 | 14:14
Rejected At:
▼CVE Numbering Authority (CNA)
notepad-plus-plus - DLL Hijacking

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Affected Products
Vendor
notepad-plus-plus
Product
notepad-plus-plus
Versions
Affected
  • From v8.3 before unspecified (custom)
  • From unspecified through v8.4.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
scope:
UNCHANGED
version:
3.1
baseScore:
6.5
attackVector:
LOCAL
baseSeverity:
MEDIUM
vectorString:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
integrityImpact:
HIGH
userInteraction:
REQUIRED
attackComplexity:
LOW
availabilityImpact:
HIGH
privilegesRequired:
HIGH
confidentialityImpact:
HIGH
Impacts
CAPEC IDDescription
Solutions

Update version to v8.4.5 or later

Configurations
Workarounds
Exploits
Credits
Mend Vulnerability Research Team (MVR)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mend.io/vulnerability-database/CVE-2022-32168
x_refsource_MISC
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
x_refsource_MISC
Hyperlink: https://www.mend.io/vulnerability-database/CVE-2022-32168
Resource:
x_refsource_MISC
Hyperlink: https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mend.io/vulnerability-database/CVE-2022-32168
x_refsource_MISC
x_transferred
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
x_refsource_MISC
x_transferred
Hyperlink: https://www.mend.io/vulnerability-database/CVE-2022-32168
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnerabilitylab@mend.io
Published At:28 Sep, 2022 | 09:15
Updated At:21 May, 2025 | 15:15

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
notepad-plus-plus
notepad-plus-plus
>>notepad\+\+>>Versions from 8.3(inclusive) to 8.4.5(exclusive)
cpe:2.3:a:notepad-plus-plus:notepad\+\+:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-427Secondaryvulnerabilitylab@mend.io
CWE ID: CWE-427
Type: Secondary
Source: vulnerabilitylab@mend.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051evulnerabilitylab@mend.io
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32168vulnerabilitylab@mend.io
Exploit
Third Party Advisory
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051eaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32168af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
Source: vulnerabilitylab@mend.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.mend.io/vulnerability-database/CVE-2022-32168
Source: vulnerabilitylab@mend.io
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.mend.io/vulnerability-database/CVE-2022-32168
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

260Records found
CVE-2021-20047
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.88%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.

Action-Not Available
Vendor-SonicWall Inc.
Product-global_vpn_clientSonicWall Global VPN Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-9287
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.83%
||
7 Day CHG~0.00%
Published-15 Mar, 2020 | 21:56
Updated-25 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlient_emergency_management_serverFortinet FortiClient EMS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-9858
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.95%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:18
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-windows_migration_assistantWindows Migration Assistant
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-0082
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:30
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ax1650ax1675_firmwareac_9462ac_8265ac_3165_firmwareac_9560_firmwareac_8265_firmwareax1675ax200ac_3165ac_9461ac_8260ac_9260ax1650_firmwareac_9461_firmwareac_9462_firmwareac_3168ac_9560ax200_firmware7265_firmwareac1550_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac1550ac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi in Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-6788
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 15:52
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in Bosch Configuration Manager Installer

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-configuration_managerConfiguration Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-6787
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 15:51
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in Bosch Video Client installer

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-video_clientVideo Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-6790
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 15:53
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-video_streaming_gatewayVideo Streaming Gateway
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-3979
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.95%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 17:37
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.

Action-Not Available
Vendor-installbuildern/aMicrosoft Corporation
Product-installbuilderwindowsVMware InstallBuilder
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-3803
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:28
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-24916
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.34%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 13:17
Updated-26 Aug, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL-HiJacking

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).

Action-Not Available
Vendor-Microsoft CorporationCheck Point Software Technologies Ltd.
Product-smartconsolewindowsCheck Point SmartConsole
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found