CVE-2022-31467

Name of the Vulnerable Software and Affected Versions Quick Heal Total Security versions prior to 12.1.1.27

Description A DLL hijacking issue allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code. This occurs because the installer does not restrict the search path for required DLLs and does not verify the signature of the DLLs it tries to load.

Recommendations For versions prior to 12.1.1.27, update to version 12.1.1.27 or later to resolve the issue. As a temporary workaround, consider restricting the search path for required DLLs during installation to minimize the risk of exploitation.