PT-2023-12236 · Qihoo 360 · Qihoo 360 Safeguard+2

Memorycorruptor · Published 2023-04-19 · Updated 2023-05-01 · CVE-2021-33974

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qihoo 360 Safeguard versions 12.1.0.1004 through 12.1.0.1005
Qihoo 360 Safeguard version 13.1.0.1001
Qihoo 360 Total Security versions 10.8.0.1060 through 10.8.0.1213
Qihoo 360 Safe Browser & 360 Chrome version 12

Description

The issue is a buffer overflow that allows remote execution of arbitrary code. This set of vulnerabilities affects multiple popular software products from Qihoo 360, including its antivirus software and secure browsers. The attack vector is either opening a malicious link in the browser, which exploits the vulnerability remotely, or running a vulnerability exploitation program locally against the client software. The vulnerabilities can be exploited in conjunction with each other, allowing spyware to persist on the target computer without being detected by the antivirus software. This gives the spyware persistent control of the target computer.

Recommendations

For Qihoo 360 Safeguard versions 12.1.0.1004 through 12.1.0.1005, update to a version that has been fixed by the vendor.
For Qihoo 360 Safeguard version 13.1.0.1001, update to a version that has been fixed by the vendor.
For Qihoo 360 Total Security versions 10.8.0.1060 through 10.8.0.1213, update to a version that has been fixed by the vendor.
For Qihoo 360 Safe Browser & 360 Chrome version 12, update to a version that has been fixed by the vendor.

As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is available.

Weakness Enumeration

Buffer Overflow

Related Identifiers

CVE-2021-33974

Affected Products

Qihoo 360 Safe Browser & 360 Chrome
Qihoo 360 Safeguard
Qihoo 360 Total Security