CVE-2022-4291

HIGH

Avast Script Shield < 18.0.1473.0 - Heap Corruption in aswjsflt.dll

Title source: llm

Description

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.

References (1)

Core 1

Core References

Vendor Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Scores

CVSS v3 7.7

EPSS 0.0042

EPSS Percentile 33.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-787

Status published

Products (1)

avast/script_shield < 18.0.1473.0

Published Dec 08, 2022

Tracked Since Feb 18, 2026