CVE-2022-32168

Published: Sep 28, 2022Modified: May 21, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Affected (1)

Products: Notepad Plus Plus: Notepad++

Notepad Plus Plus

1 product

Notepad++

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Notepad Plus Plus Notepad++	From 8.3 to 8.4.5

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e

Source: vulnerabilitylab@mend.io

PatchThird Party Advisory

https://www.mend.io/vulnerability-database/CVE-2022-32168

Source: vulnerabilitylab@mend.io

ExploitThird Party Advisory

https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.mend.io/vulnerability-database/CVE-2022-32168

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.