← Back

CVE-2022-46662

nvd nist
Published: Dec 21, 2022Modified: Apr 16, 2025

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)

Affected (5)

Corel
1 product
Roxio Creator Ljb
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Corel
Roxio Creator Ljb
Version 12.2 build_106b62b
Roxio Creator Ljb
Version 12.2 build_106b63a
Roxio Creator Ljb
Version 12.2 build_106b69a
Roxio Creator Ljb
Version 12.2 build_106b71a
Roxio Creator Ljb
Version 12.2 build_106b74a

Related CWEs

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.