PT-2017-16261 · Quick Heal · Quick Heal Antivirus Pro+2
Ashfaq Ansari
·
Publicado
2017-01-02
·
Atualizado
2021-09-13
·
CVE-2017-5005
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Quick Heal Internet Security versions 10.1.0.316 and earlier
Quick Heal Total Security versions 10.1.0.316 and earlier
Quick Heal AntiVirus Pro versions 10.1.0.316 and earlier
Description
The issue is related to a stack-based buffer overflow that can be triggered by a crafted LC UNIXTHREAD.cmdsize field in a Mach-O file. This occurs when the file is mishandled during a Security Scan operation, also known as a Custom Scan. This can allow remote attackers to execute arbitrary code.
Recommendations
For Quick Heal Internet Security versions 10.1.0.316 and earlier, update to a version later than 10.1.0.316.
For Quick Heal Total Security versions 10.1.0.316 and earlier, update to a version later than 10.1.0.316.
For Quick Heal AntiVirus Pro versions 10.1.0.316 and earlier, update to a version later than 10.1.0.316.
Exploit
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Quick Heal Antivirus Pro
Quick Heal Internet Security
Quick Heal Total Security