← Volver a CVEs
CVE-2022-46330
HIGH7.8
Descripcion
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado12/21/2022
Ultima modificacion4/16/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
squirrel.windows_project:squirrel.windows
Debilidades (CWE)
CWE-427CWE-427
Referencias
https://github.com/Squirrel/Squirrel.Windows(vultures@jpcert.or.jp)
https://github.com/Squirrel/Squirrel.Windows/pull/1807(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN29902403/index.html(vultures@jpcert.or.jp)
https://github.com/Squirrel/Squirrel.Windows(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Squirrel/Squirrel.Windows/pull/1807(af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN29902403/index.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.