Arbitrary Code Injection in Zemana AntiMalware Products
CVE-2022-42045

6.7MEDIUM

Key Information:

Vendor: Watchdog
Status: Anti-virus; Antimalware
Vendor: CVE Published:; 13 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-42045?

Zemana products, including Watchdog Anti-Malware version 4.1.422 and Zemana AntiMalware version 3.2.28, are susceptible to arbitrary code injection attacks. This vulnerability could potentially allow an attacker to execute unwanted code on the targeted system, posing a risk to the integrity and confidentiality of user data. Users are advised to update their software to the latest versions to mitigate risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-42045
Created by ReCryptLLC

References

https://github.com/ReCryptLLC/CVE-2022-42045/tree/main

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2023
🟡
Public PoC available
Oct 23, 2022
👾
Exploit known to exist
Oct 23, 2022
Vulnerability Reserved
Oct 3, 2022