LG SmartShare is a popular application bundled with many LG laptops and TVs. It allows users to wirelessly share files and media across devices. However, in late 2022, a severe security vulnerability—CVE-2022-45422, also tracked by LG as LVE-HOT-220005—was reported, affecting how SmartShare loads certain DLL files. This post breaks down the vulnerability, walks through a simple proof of concept, and shares resources and official advisories.

What is DLL Hijacking?

DLL Hijacking is a common way attackers gain higher privileges on Windows systems. When a Windows program doesn’t specify the full path of a DLL it loads, Windows searches a series of directories looking for that DLL file. If an attacker can put a malicious DLL in a directory searched before the real one, their code gets loaded by the target application—often with SYSTEM or administrator privileges.

CVE-2022-45422 Explained

When LG SmartShare is installed, it typically runs as the logged-in user, but some of its components or background tasks may run with higher permissions. The issue here is that:

- SmartShare, on start, loads libraries (.dll files) from its installation folder without confirming if they are authentic.
- If someone places a malicious DLL—say, example.dll—in the same folder as the SmartShare executable, the application will load and execute the attacker's code as its own, inheriting its permissions.

Therefore, if you can write to SmartShare's application directory (sometimes possible for non-admin users after a default install), you can escalate privileges on the system.

Quick Proof-of-Concept (PoC)

*Below is a simple step-by-step PoC demonstrating the attack:*

1. Write a Malicious DLL

Let’s use a DLL that pops up a message box for demonstration (in a real attack it could open reverse shells, add users, etc).

// Save this as "example.c"
#include <windows.h>

BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved) {
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        MessageBox(NULL, "DLL Hijacked!", "CVE-2022-45422", MB_OK);
    }
    return TRUE;
}

Compile it

cl /LD example.c  // Or use MinGW: gcc -shared -o example.dll example.c

Real-World Impact

- Any standard user can become administrator if the application or its folders are set with insecure permissions (e.g. "Users: Full control").

LG's Security Advisory:

LVE-HOT-220005

CVE Details:

CVE-2022-45422 - NVD

DLL Hijacking Background:

Microsoft DLL Search Order

Update LG SmartShare: LG has likely released a fixed version. Patch as soon as possible.

- Check Folder Permissions: Ensure that C:\Program Files (x86) and its subfolders can’t be written to by regular users.
- Use Security Tools: Tools like Process Monitor or DLL Hijack Auditor can help detect vulnerable software.

Conclusion

*CVE-2022-45422* (LVE-HOT-220005) is a classic—but dangerous—local privilege escalation bug in LG SmartShare.  
Keeping software and operating system permissions tight is your best defense. Always patch promptly and limit what normal users can write to on disk.

Stay safe, and if you’re a sysadmin or everyday Windows user, check your apps often—you never know where the next privilege escalation might pop up!


*For more technical deep-dives, follow security advisories and vulnerability databases closely.*

Timeline

Published on: 11/21/2022 17:15:00 UTC
Last modified on: 11/23/2022 15:56:00 UTC