Skip to main content

Premium Security CVE-2022-28965

MEDIUM
Uncontrolled Search Path Element (CWE-427)
2022-05-20 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 02:15 nvd
MEDIUM 6.5

DescriptionNVD

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.

AnalysisAI

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-427. Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. Affected products include: Avast Premium Security.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-23940 HIGH POC
7.8 Jan 29

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and be

CVE-2018-3608 CRITICAL
9.8 Jul 06

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH)

CVE-2018-15363 HIGH
7.8 Aug 30

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a

CVE-2018-10514 HIGH
7.8 Aug 30

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow

CVE-2018-10513 HIGH
7.8 Aug 30

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products

CVE-2018-6235 HIGH
7.8 May 25

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a

CVE-2018-6233 HIGH
7.8 May 25

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local

CVE-2018-6232 HIGH
7.8 May 25

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local

CVE-2022-28964 HIGH
7.1 May 20

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attacke

CVE-2018-6236 HIGH
7.0 May 25

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could all

CVE-2017-5565 MEDIUM
6.7 Mar 21

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), a

CVE-2021-27241 MEDIUM
6.1 Mar 29

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Sec

Share

CVE-2022-28965 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy