NLOKCVELIST:CVE-2022-4291CVE-2022-4291 Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.5%
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"Script Shield"
],
"platforms": [
"Windows"
],
"product": "Avast Antivirus",
"vendor": "NortonLifelock",
"versions": [
{
"lessThanOrEqual": "18.0.1473.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.5%