CVE-2022-40657

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 15, 2022

Updated: Jan 7, 2025

CWE ID 787

Summary

CVE-2022-40657 is a newly disclosed vulnerability that affects NIKON NIS-Elements Viewer 1.2100.1483.0. This issue enables remote attackers to execute arbitrary code on susceptible systems. Exploitation of this vulnerability requires user interaction, as the target must visit a maliciously crafted webpage or open a malicious file. The root cause of the issue lies in the improper handling of PSD files during parsing, resulting in a write past the end of an allocated buffer. Successful exploitation grants attackers the ability to run code in the context of the current process. This vulnerability was identified as ZDI-CAN-15073 by ZDI.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Nikon

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners