CVE-2022-28965 : Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.

Published 2022-05-20 02:15:07

Updated 2022-05-26 22:39:53

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2022-28965

Avast » Premium Security
Versions before (<) 21.11.2500
cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-28965

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-28965

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	0.6	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-28965

https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2

Vulnerability-Disclosure/CVE-2022-AVAST2 at main · netero1010/Vulnerability-Disclosure · GitHub
Third Party Advisory
https://forum.avast.com/index.php?topic=318305.0

NEW Avast Version 22.2 (February 2022)
Patch;Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-28965

Products affected by CVE-2022-28965

Exploit prediction scoring system (EPSS) score for CVE-2022-28965

CVSS scores for CVE-2022-28965

References for CVE-2022-28965