CVE-2022-4956

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 30, 2023

Updated: May 17, 2024

CWE ID 427

Summary

CVE-2022-4456 is a critical vulnerability affecting Caphyon Advanced Installer 19.7. The exact component involved is the WinSxS DLL Handler, which contains an uncontrolled search path issue. An attacker can exploit this vulnerability locally, leading to potential manipulation. The exploit for this vulnerability has been disclosed to the public, increasing the risk. To mitigate this issue, upgrading to version 19.7.1 is recommended as it addresses the vulnerability. The associated identifier for this vulnerability is VDB-240903.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Caphyon Advanced Installer

Affected Vendors

Caphyon

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s1IA7w
https://www.cve.org/CVERecord?id=CVE-2022-4956
https://nvd.nist.gov/vuln/detail/CVE-2022-4956

Back to Vulnerability Database