Vulnerability
Quick Heal Internet Security Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
Vulnerability Description
We found that the Quick Heal Internet Security is vulnerable to Out of Bound Write on Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED
.
This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.
CVE ID
CVE-2017-8773
Vendor
Products
- Quick Heal Internet Security 10.1.0.316 and prior
- Quick Heal Total Security 10.1.0.316 and prior
- Quick Heal AntiVirus Pro 10.1.0.316 and prior
Disclosure Timeline
- 13 July 2016 – Reported to vendor
- 15 July 2016 – Received acknowledgement from vendor
- 20 July 2016 – Patch released
Credits
Ashfaq Ansari – Project Srishti – Payatu Technologies