CVE-2022-28792

MEDIUM

Gear IconX PC Manager <2.1.220405.51 - RCE

Title source: llm

Description

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

References (1)

[Vendor Advisory] https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5

Scores

CVSS v3 6.2

EPSS 0.0006

EPSS Percentile 17.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-427

Status published

Affected Products (1)

samsung/gear_iconx_pc_manager < 2.1.220405.51

Timeline

Published May 03, 2022

Tracked Since Feb 18, 2026