Payatu Research Team performed vulnerability research on QuickHeal Anti-virus and we were able to find few vulnerabilities in the AV which could be exploited to compromise the victim machine.
Quick Heal Anti-Virus
Around the mid of May 2016 we started evaluating the Quick Heal Anti-Virus for exploitable software vulnerabilities.
We started fuzz testing the Anti-Virus and found quite a number of exploitable vulnerabilities in the Quick Heal AV product within 7-8 days.
Some categories of vulnerabilities found were, Out of Bound Write on Stack/Heap, Out of Bound Reads, Memory Corruption, Lack of Compiler Enable Security Measures and Insecure Library Loading.
We privately reported all the vulnerabilities, that were triaged by the team, to Quick Heal. However, due to time constraints we concluded our fuzz testing efforts after that.
For reference to the readers, below are the list of all the patched vulnerabilities we found:
Some of the major issues that we discovered were:
- Exploit mitigation mechanisms provided by compiler were not enabled, like GS (Guard Stack), DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization) and SafeSEH was found missing in most of the DLLs. There were 165 PE files that did not enable ASLR, DEP and GS protection.
- We submitted a working exploit that achieved Remote Code Execution and Privilege Escalation as well. CVE-2017- 5005 was assigned for this bug and a Proof of concept exploit is available at https://github.com/payatu/QuickHeal
When the bugs were reported, Quick Heal Quality Assurance team was quick enough to release the patch for the vulnerabilities reported on priority. Kudos to Quality Assurance team for that!
We look forward to doing some more fuzz testing on the AV in the near future. Keep an eye on our advisory page.
If your organization is interested in performing vulnerability research on your products, feel free to get in touch with us at info AT payatu DOT com