CVE-2022-41305 Malicious PKT file could lead to memory corruption vulnerability by write access violation.

SubassemblyComposer.exe application is commonly used to build custom SCCM packages, and it’s installed with Windows operating system. If an attacker successfully exploits this vulnerability and installs a malicious PKT file on the targeted system, the attacker could gain remote code execution with elevated privileges. The attacker also could use this vulnerability to install any additional required components and/or deliver the malicious PKT file as an update.

Vulnerability details

The vulnerability is found in the SubassemblyComposer.exe application of the Windows operating system. This application is commonly used to build custom SCCM packages and is installed with Windows. If an attacker successfully exploits this vulnerability, they could gain remote code execution with elevated privileges on the targeted system. The attacker also could use this vulnerability to install any additional required components and/or deliver the malicious PKT file as an update.

Vulnerability Details

The vulnerability allows an attacker to exploit the affected Windows OS by installing a malicious PKT file, which could then be used to install any additional required components and/or deliver the malicious PKT file as an update. This vulnerability is most commonly exploited by attackers through social engineering tactics and phishing campaigns.
The following files are used in this exploit:
- SubassemblyComposer.exe
- infinst.exe
- C:\Windows\inf\spuninst.exe
- C:\Windows\system32\cmd.exe
- C:\Users\

Vulnerability Explaination

Vulnerability Description: CVE-2022-41305
CVE ID: CPUID System (AV): x86
Affected Products/OS: All Windows operating systems.
Affected File Types: PKT files.
Vulnerability Severity: Low.
Publicly disclosed on: January 10, 2016.
Disclosed by: Microsoft Security Response Center.
Mitigation Strategies & Solutions: Install updates to address the vulnerability and limit exposure.

Timeline

Published on: 10/14/2022 17:15:00 UTC
Last modified on: 10/18/2022 17:55:00 UTC

References

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0019
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41305