Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46662

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)

Published

2022-12-21T09:15:08.937

Last Modified

2025-04-16T16:15:25.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-428
Type: Secondary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	corel	roxio_creator_ljb	12.2	Yes
Application	corel	roxio_creator_ljb	12.2	Yes
Application	corel	roxio_creator_ljb	12.2	Yes
Application	corel	roxio_creator_ljb	12.2	Yes
Application	corel	roxio_creator_ljb	12.2	Yes

References

https://jvn.jp/en/jp/JVN13075438/index.html Third Party Advisory ([email protected])
https://kb.corel.com/jp/129393 Third Party Advisory ([email protected])
https://jvn.jp/en/jp/JVN13075438/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.corel.com/jp/129393 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)