Insecure Libray Loading

Vulnerability

Quick Heal Internet Security Uncontrolled Search Path Element Vulnerability

Vulnerability Description

We found that the Quick Heal Installer Downloader (QuickHealInternetSecurity.EXE) and Quick Heal Installer (QHISFT32.EXE) application uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actor.

This vulnerability is called as Insecure Library Loading also known as DLL Hijacking attack.

Vendor

http://www.quickheal.co.in/

Products

  • Quick Heal Internet Security 10.1.0.316 and prior
  • Quick Heal Total Security 10.1.0.316 and prior
  • Quick Heal AntiVirus Pro 10.1.0.316 and prior

Disclosure Timeline

  1. 9 June 2016 – Reported to vendor
  2. 11 June 2016 – Received acknowledgement from vendor
  3. 1 August 2016 – Patch released

Credits

Ashfaq Ansari – Project Srishti – Payatu Technologies

 

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 3 =