What is CVE-2022-46662?

CVE-2022-46662 is a vulnerability in Roxio Creator LJB that allows a malicious executable to be executed with the privilege of a Windows service.

What is the severity of CVE-2022-46662?

The severity of CVE-2022-46662 is medium with a CVSS score of 6.7.

How does CVE-2022-46662 work?

CVE-2022-46662 occurs when Roxio Creator LJB starts another program with an unquoted file path, allowing a malicious executable to be executed with the privilege of the Windows service due to unquoted registered Windows service paths.

Which versions of Corel Roxio Creator Ljb are affected by CVE-2022-46662?

Versions 12.2-build_106b62b, 12.2-build_106b63a, 12.2-build_106b69a, 12.2-build_106b71a, and 12.2-build_106b74a of Corel Roxio Creator Ljb are affected by CVE-2022-46662.

How can I fix CVE-2022-46662?

To fix CVE-2022-46662, it is recommended to update Corel Roxio Creator Ljb to the latest version provided by the vendor.

Vulnerability/
CVE-2022-46662

medium

6.7

CWE

428

21/12/2022

21/11/2024

CVE-2022-46662

First published: Wed Dec 21 2022(Updated: )

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)

Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Corel Roxio Creator Ljb	=12.2-build_106b62b
Corel Roxio Creator Ljb	=12.2-build_106b63a
Corel Roxio Creator Ljb	=12.2-build_106b69a
Corel Roxio Creator Ljb	=12.2-build_106b71a
Corel Roxio Creator Ljb	=12.2-build_106b74a
	=12.2-build_106b62b
	=12.2-build_106b63a
	=12.2-build_106b69a
	=12.2-build_106b71a
	=12.2-build_106b74a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-46662?
CVE-2022-46662 is a vulnerability in Roxio Creator LJB that allows a malicious executable to be executed with the privilege of a Windows service.
What is the severity of CVE-2022-46662?
The severity of CVE-2022-46662 is medium with a CVSS score of 6.7.
How does CVE-2022-46662 work?
CVE-2022-46662 occurs when Roxio Creator LJB starts another program with an unquoted file path, allowing a malicious executable to be executed with the privilege of the Windows service due to unquoted registered Windows service paths.
Which versions of Corel Roxio Creator Ljb are affected by CVE-2022-46662?
Versions 12.2-build_106b62b, 12.2-build_106b63a, 12.2-build_106b69a, 12.2-build_106b71a, and 12.2-build_106b74a of Corel Roxio Creator Ljb are affected by CVE-2022-46662.
How can I fix CVE-2022-46662?
To fix CVE-2022-46662, it is recommended to update Corel Roxio Creator Ljb to the latest version provided by the vendor.

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/softwarecombine
agent/tags
agent/event
vendor/corel
canonical/corel roxio creator ljb
version/corel roxio creator ljb/12.2-build_106b62b
version/corel roxio creator ljb/12.2-build_106b63a
version/corel roxio creator ljb/12.2-build_106b69a
version/corel roxio creator ljb/12.2-build_106b71a
version/corel roxio creator ljb/12.2-build_106b74a

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.