CVE-2022-34109
Description
MSI Feature Navigator v1.0.1808.0901 allows arbitrary file write to \PromoPhoto\ directory, enabling attackers to place files of any type or size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MSI Feature Navigator v1.0.1808.0901 allows arbitrary file write to \PromoPhoto\ directory, enabling attackers to place files of any type or size.
Vulnerability
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size [1]. The vulnerability resides in the file handling functionality of the software.
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted file or path to the Feature Navigator application, resulting in arbitrary file write to the \PromoPhoto\ directory [1]. The attack vector requires local access or the ability to interact with the software; no authentication is specified as necessary.
Impact
Successful exploitation allows an attacker to write any file to the \PromoPhoto\ directory, which could lead to code execution if the written file is subsequently executed or included by the application or another process [1]. The impact is limited to the ability to place files, but the full consequences depend on the system configuration.
Mitigation
No official fix has been released as of the publication date [1]. Users should consider removing or restricting access to MSI Feature Navigator, or monitoring the \PromoPhoto\ directory for unauthorized files. The vendor was contacted but did not respond, so no patch is currently available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Micro-Star International/MSI Feature Navigatordescription
- Range: =1.0.1808.0901
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- micro-star.commitrex_refsource_MISC
- msi.commitrex_refsource_MISC
- gainsec.com/2022/08/26/cve-2022-34109-cve-2022-34110-cve-2022-34108/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.