CVE-2022-2313

Name of the Vulnerable Software and Affected Versions MA Smart Installer for Windows versions prior to 5.7.7

Description The issue is related to a DLL hijacking vulnerability, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. This vulnerability is associated with the possibility of substituting a dynamic library, potentially enabling an attacker to execute arbitrary code or elevate their privileges.

Recommendations For versions prior to 5.7.7, update to version 5.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the folder from where the Smart installer is being executed to minimize the risk of exploitation.