CVE-2022-34108

Vulnerability

The vulnerability resides in the Feature Navigator software by Micro-Star International (MSI), version 1.0.1808.0901. The software fails to properly handle specially crafted image or video files, leading to a Denial of Service (DoS) condition when such files are processed [1]. No authentication or special privileges are required to trigger the issue, as the vulnerable functionality is accessible through the normal operation of the application.

Exploitation

An attacker can cause a Denial of Service by providing or inducing the victim to open a crafted image or video file through the Feature Navigator interface. The exploitation does not require any special network position beyond delivering the malicious media file to the target system. User interaction is needed to load the file into the application [1].

Impact

Successful exploitation results in a Denial of Service (DoS), rendering the Feature Navigator application unavailable or unresponsive. No data confidentiality or integrity impact is described; the primary consequence is service disruption [1].

Mitigation

As of the publication date (2022-09-12), MSI has not released a patch or acknowledged the issue. There is no known workaround or KEV listing. Users are advised to limit exposure by restricting file sources or removing the application if it is not required [1].