EXE Search Order Hijacking in JetBrains IntelliJ IDEA
CVE-2022-40978

7.5 HIGH

Key Information:

Vendor: JetBrains
CVE Published: 19 September 2022

Summary

The installer of JetBrains IntelliJ IDEA prior to version 2022.2.2 is susceptible to an EXE search order hijacking issue, which could allow an attacker to execute malicious code by placing a malicious executable in a location that precedes a legitimate executable in the system's search order.

Affected Version(s)

IntelliJ IDEA Windows 2022.2.2

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitry Zemlyakov