CVE-2022-46662

Name of the Vulnerable Software and Affected Versions Roxio Creator LJB version 12.2 build number 106B62B Roxio Creator LJB version 12.2 build number 106B63A Roxio Creator LJB version 12.2 build number 106B69A Roxio Creator LJB version 12.2 build number 106B71A Roxio Creator LJB version 12.2 build number 106B74A

Description Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

Recommendations For Roxio Creator LJB version 12.2 build number 106B62B, consider updating to a version where this issue is fixed, if available. For Roxio Creator LJB version 12.2 build number 106B63A, consider updating to a version where this issue is fixed, if available. For Roxio Creator LJB version 12.2 build number 106B69A, consider updating to a version where this issue is fixed, if available. For Roxio Creator LJB version 12.2 build number 106B71A, consider updating to a version where this issue is fixed, if available. For Roxio Creator LJB version 12.2 build number 106B74A, consider updating to a version where this issue is fixed, if available. As a temporary workaround, consider restricting access to the Windows service path to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.