CVE-2022-4291
Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption
Severity Score
10.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
La librería aswjsflt.dll de las ventanas de Avast Antivirus contenía una vulnerabilidad de corrupción de montón potencialmente explotable que podría permitir a un atacante omitir la sandbox de la aplicación en la que se cargó, si corresponde. Este problema se solucionó en la versión 18.0.1478 del componente Script Shield.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-05 CVE Reserved
- 2022-12-07 CVE Published
- 2024-06-29 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.norton.com/sp/static/external/tools/security-advisories.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avast Search vendor "Avast" | Script Shield Search vendor "Avast" for product "Script Shield" | <= 18.0.1473.0 Search vendor "Avast" for product "Script Shield" and version " <= 18.0.1473.0" | - |
Affected
| ||||||