CVE-2022-28965

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-427

26 May 2022, 22:39

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : 4.4
v3 : 6.5
CPE cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*
References (MISC) https://forum.avast.com/index.php?topic=318305.0 - (MISC) https://forum.avast.com/index.php?topic=318305.0 - Patch, Release Notes, Vendor Advisory
References (MISC) https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2 - (MISC) https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2 - Third Party Advisory

20 May 2022, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-20 02:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-28965

Mitre link : CVE-2022-28965

CVE.ORG link : CVE-2022-28965


JSON object : View

Products Affected

avast

  • premium_security
CWE
CWE-427

Uncontrolled Search Path Element