DLL Hijacking Vulnerabilities in Avast Premium Security Software
CVE-2022-28965

6.5MEDIUM

Key Information:

Vendor: Avast
Status: Premium Security
Vendor: CVE Published:; 20 May 2022

What is CVE-2022-28965?

Avast Premium Security contains multiple DLL hijacking vulnerabilities through its components instup.exe and wsc_proxy.exe. These vulnerabilities allow potential attackers to execute arbitrary code or trigger a Denial of Service (DoS) through a specially crafted dynamic link library (DLL) file. Users of affected versions should prioritize applying the latest updates to mitigate these risks.

References

https://github.com/netero1010/Vulnerability-Disclosure/tr...

x_refsource_MISC

https://forum.avast.com/index.php?topic=318305.0

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2022
Vulnerability Reserved
Apr 11, 2022