CVE-2022-2313

HIGH

MA Smart Installer <5.7.7 - Code Injection

Title source: llm

Description

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.

References (1)

[Various Sources] https://kcm.trellix.com/corporate/index?page=content&id=SB10385&actp=null&viewlocale=en_US&showDraft=false&platinum_status=false&locale=en_US

Scores

CVSS v3 8.2

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

mcafee/agent < 5.7.7

Timeline

Published Jul 27, 2022

Tracked Since Feb 18, 2026