CVE-2022-35841

HIGH

Windows Enterprise App Management Service - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-35841. PoCs published by Wack0.

AI-analyzed exploit summary The repository provides a technical analysis of CVE-2022-35841, detailing how the `EnterpriseAppMgmtSvc` service in Windows lacks permission checks on certain COM methods, potentially allowing arbitrary APPX package installation with SYSTEM privileges via the `desktop6:Service` extension. The writeup is theoretical and does not include functional exploit code.

Description

Windows Enterprise App Management Service Remote Code Execution Vulnerability

Exploits (1)

nomisec WRITEUP 3 stars

by Wack0 · poc

https://github.com/Wack0/CVE-2022-35841

View Code ZIP pw:eip

The repository provides a technical analysis of CVE-2022-35841, detailing how the `EnterpriseAppMgmtSvc` service in Windows lacks permission checks on certain COM methods, potentially allowing arbitrary APPX package installation with SYSTEM privileges via the `desktop6:Service` extension. The writeup is theoretical and does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Windows EnterpriseAppMgmtSvc (Windows 10/11, likely other versions)

No auth needed

Prerequisites: Access to the `EnterpriseModernAppManager` COM interface · Ability to craft or obtain a malicious APPX package with restricted capabilities

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35841

Scores

CVSS v3 8.8

EPSS 0.0260

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (10)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 20h2 (3 CPE variants)

microsoft/windows_10 21h1 (3 CPE variants)

microsoft/windows_10 21h2 (3 CPE variants)

microsoft/windows_10 1607 (2 CPE variants)

microsoft/windows_10 1809 (3 CPE variants)

microsoft/windows_11 (2 CPE variants)

microsoft/windows_server_2016

microsoft/windows_server_2019

microsoft/windows_server_2022 (2 CPE variants)

Published Sep 13, 2022

Tracked Since Feb 18, 2026