CVE-2022-42045

MEDIUM EXPLOITED

Zemana AntiMalware and Watchdog Anti-Malware - Arbitrary Code Injection

Title source: llm

Exploitation Summary

CVE-2022-42045 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including ReCryptLLC.

AI-analyzed exploit summary This PoC demonstrates a local privilege escalation (LPE) vulnerability in Zemana Anti-Malware's kernel driver (amsdk.sys, zam64.sys, zamguard64.sys) by injecting arbitrary shellcode into a driver section with RWX permissions and executing it in kernel mode. The exploit leverages IOCTL calls to manipulate driver memory and bypass security mechanisms like Driver Signature Enforcement.

Description

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.

Exploits (1)

nomisec WORKING POC 39 stars

by ReCryptLLC · local

https://github.com/ReCryptLLC/CVE-2022-42045

View Code ZIP pw:eip

This PoC demonstrates a local privilege escalation (LPE) vulnerability in Zemana Anti-Malware's kernel driver (amsdk.sys, zam64.sys, zamguard64.sys) by injecting arbitrary shellcode into a driver section with RWX permissions and executing it in kernel mode. The exploit leverages IOCTL calls to manipulate driver memory and bypass security mechanisms like Driver Signature Enforcement.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Zemana Anti-Malware (amsdk.sys, zam64.sys, zamguard64.sys) versions including Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28

Auth required

Prerequisites: Local admin access · Presence of vulnerable Zemana driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/ReCryptLLC/CVE-2022-42045/tree/main

View Writeup ZIP pw:eip

Scores

CVSS v3 6.7

EPSS 0.0056

EPSS Percentile 41.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-06-18

CWE

CWE-94

Status published

Products (2)

watchdog/anti-virus 4.1.422

zemana/antimalware 3.2.28

Published Jul 13, 2023

Tracked Since Feb 18, 2026