Non-ASLR & DEP Modules

Vulnerability

Quick Heal AntiVirus Protection Mechanism Failure Vulnerability

Vulnerability Description

We found that approximately 165 PE files in Quick Heal AntiVirus default installation that does not use ASLR/DEP protection mechanism that provides sufficient defense against directed attacks against the product.

CVE ID

CVE-2017-8776

Vendor

http://www.quickheal.co.in/

Products

  • Quick Heal Internet Security 10.1.0.316 and prior
  • Quick Heal Total Security 10.1.0.316 and prior
  • Quick Heal AntiVirus Pro 10.1.0.316 and prior

Disclosure Timeline

  1. 9 June 2016 – Reported to vendor
  2. 11 June 2016 – Received acknowledgement from vendor
  3. 1 August 2016 – Patch released

Credits

Ashfaq Ansari – Project Srishti – Payatu Technologies

 

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 4 =