OOB Write Stack Buffer LC_UNIXTHREAD.cmdsize Mach-O

Vulnerability

Quick Heal Internet Security Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability

Vulnerability Description

We found that the Quick Heal Internet Security is vulnerable to Out of Bound Write on Stack Buffer due to improper validation of LC_UNIXTHREAD.cmdsize (Mach-O).

This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

CVE ID

CVE-2017-5005

Vendor

http://www.quickheal.co.in/

Products

  • Quick Heal Internet Security 10.1.0.316 and prior
  • Quick Heal Total Security 10.1.0.316 and prior
  • Quick Heal AntiVirus Pro 10.1.0.316 and prior

Disclosure Timeline

  1. 9 June 2016 – Reported to vendor
  2. 11 June 2016 – Received acknowledgement from vendor and patch released

Exploit

https://github.com/payatu/QuickHeal/

Credits

Ashfaq Ansari – Project Srishti – Payatu Technologies

 

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × two =