cvedb.io
CVE-2022-46662
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2022-12-21T09:15:08.937 · Last modified 2026-06-17T05:12:09.477

Summary

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)

Affected products

corel — roxio_creator_ljb

Does this affect you?

Add your gear to cvedb and we'll alert you only when corel ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.