CVE-2022-46330

HIGH

Squirrel.Windows <2.0.1 - RCE

Title source: llm

Description

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

References (3)

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 41.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (1)

squirrel.windows_project/squirrel.windows < 2.0.1

Timeline

Published Dec 21, 2022
Tracked Since Feb 18, 2026