EXE Search Order Hijacking in JetBrains IntelliJ IDEA
CVE-2022-40978

7.5HIGH

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 19 September 2022

What is CVE-2022-40978?

The installer of JetBrains IntelliJ IDEA prior to version 2022.2.2 is susceptible to an EXE search order hijacking issue, which could allow an attacker to execute malicious code by placing a malicious executable in a location that precedes a legitimate executable in the system's search order.

Affected Version(s)

IntelliJ IDEA Windows 2022.2.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Sep 19, 2022

Credit

Dmitry Zemlyakov

Jetbrains

What is CVE-2022-40978?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit