CVE-2017-8773

Name of the Vulnerable Software and Affected Versions Quick Heal Internet Security version 10.1.0.316 Quick Heal Total Security version 10.1.0.316 Quick Heal AntiVirus Pro version 10.1.0.316

Description The issue is caused by a buffer overflow in the dynamic memory due to insufficient validation of the dwCompressionSize parameter in the Microsoft WIM (WIMHEADER V1 PACKED) file header. This can allow a remote attacker to elevate privileges and execute arbitrary code, potentially leading to Remote Code Execution as well as Privilege Escalation.

Recommendations For Quick Heal Internet Security version 10.1.0.316, consider disabling the handling of Microsoft WIM files until a patch is available. For Quick Heal Total Security version 10.1.0.316, restrict access to the module responsible for processing WIM files to minimize the risk of exploitation. For Quick Heal AntiVirus Pro version 10.1.0.316, avoid using the dwCompressionSize parameter in the WIM file header until the issue is resolved.