CVE-2022-28965

MEDIUM

Avast Premium Security <v21.11.2500 - RCE/DoS

Title source: llm

Description

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.

References (2)

[Patch, Release Notes, Vendor Advisory] https://forum.avast.com/index.php?topic=318305.0

[Third Party Advisory] https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 63.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

avast/premium_security < 21.11.2500

Timeline

Published May 20, 2022

Tracked Since Feb 18, 2026