PT-2022-26221 · Zemana · Zemana Antimalware+1
Published
2022-10-24
·
Updated
2026-04-14
·
CVE-2022-42045
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zemana AntiMalware version 3.2.28
Watchdog Anti-Malware version 4.1.422
Description
The issue allows for arbitrary code injection, which can be exploited to execute code in kernel mode. This can lead to disabling mandatory driver signature checks, allowing any unsigned driver to be loaded. The vulnerability is related to the amsdk.sys driver in the Zemana Antimalware SDK.
Recommendations
For Zemana AntiMalware version 3.2.28, update to a version that includes a fix for the arbitrary code injection issue.
For Watchdog Anti-Malware version 4.1.422, update to a version that includes a fix for the arbitrary code injection issue.
As a temporary workaround, consider disabling the amsdk.sys driver until a patch is available.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zemana Antimalware
Amsdk.Sys