Untrusted Search Path Vulnerability in Content Transfer for Windows by Sony
CVE-2022-41796

7.8HIGH

Key Information:

Vendor: Sony Corporation
Status: Content Transfer (for Windows)
Vendor: CVE Published:; 24 October 2022

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2022-41796?

An untrusted search path vulnerability exists in the installer of Content Transfer for Windows versions 1.3 and earlier, enabling attackers to exploit the system through a Trojan horse DLL stored in an unspecified directory. This can allow unauthorized privilege escalation, putting systems at risk. Users are encouraged to review their software configurations and update to the latest version to mitigate potential threats.

Affected Version(s)

Content Transfer (for Windows) Ver.1.3 and prior

References

https://www.sony.jp/support/audiosoftware/contenttransfer/

https://jvn.jp/en/jp/JVN40620121/index.html

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2022
Vulnerability Reserved
Oct 7, 2022