CVE-2022-28792

Published: May 3, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

Affected (1)

Products: Samsung: Gear Iconx Pc Manager

Samsung

1 product

Gear Iconx Pc Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Gear Iconx Pc Manager	Before 2.1.220405.51

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.