CVE-2022-46662

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)

Roxio Creator LJB inicia otro programa con una ruta de archivo sin comillas. Dado que una ruta de servicio de Windows registrada contiene espacios y no está entre comillas, si se coloca un ejecutable malicioso en una ruta determinada, el ejecutable puede ejecutarse con el privilegio del servicio de Windows. El producto y las versiones afectados son los siguientes: Roxio Creator LJB número de versión 12.2 número de compilación 106B62B, número de versión 12.2 número de compilación 106B63A, número de versión 12.2 número de compilación 106B69A, número de versión 12.2 número de compilación 106B71A y número de versión 12.2 número de compilación 106B74A)

*Credits: N/A

CVSS Scores

NISTv3.1 6.7

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-06 CVE Reserved
2022-12-21 CVE Published
2024-07-13 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-428: Unquoted Search Path or Element

CAPEC

References (2)

URL	Tag	Source
https://jvn.jp/en/jp/JVN13075438/index.html	Third Party Advisory
https://kb.corel.com/jp/129393	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Corel Search vendor "Corel"		Roxio Creator Ljb Search vendor "Corel" for product "Roxio Creator Ljb"				12.2 Search vendor "Corel" for product "Roxio Creator Ljb" and version "12.2"		build_106b62b		Affected
Corel Search vendor "Corel"		Roxio Creator Ljb Search vendor "Corel" for product "Roxio Creator Ljb"				12.2 Search vendor "Corel" for product "Roxio Creator Ljb" and version "12.2"		build_106b63a		Affected
Corel Search vendor "Corel"		Roxio Creator Ljb Search vendor "Corel" for product "Roxio Creator Ljb"				12.2 Search vendor "Corel" for product "Roxio Creator Ljb" and version "12.2"		build_106b69a		Affected
Corel Search vendor "Corel"		Roxio Creator Ljb Search vendor "Corel" for product "Roxio Creator Ljb"				12.2 Search vendor "Corel" for product "Roxio Creator Ljb" and version "12.2"		build_106b71a		Affected
Corel Search vendor "Corel"		Roxio Creator Ljb Search vendor "Corel" for product "Roxio Creator Ljb"				12.2 Search vendor "Corel" for product "Roxio Creator Ljb" and version "12.2"		build_106b74a		Affected