14 matches found
CVE-2022-31467
A DLL hijacking vulnerability (CVE-2022-31467) affects Quick Heal Total Security prior to version 12.1.1.27. The installer does not restrict the DLL search path and fails to verify DLL signatures, enabling a local attacker to escalate privileges and execute arbitrary code. The Red Hat/NVD entries...
CVE-2022-31466
CVE-2022-31466 is a TOCTOU vulnerability in Quick Heal Total Security, affected versions prior to 12.1.1.27. The issue arises from the window between malware detection and quarantine/cleanup, enabling a local attacker to replace the quarantined file with a symlink and escalate privileges, potenti...
CVE-2017-8775
CVE-2017-8775 affects Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316. The issue is described as Memory Corruption while parsing a malformed Mach-O file. The connected documents corroborate this as a vulnerability in the affec...
CVE-2017-8774
CVE-2017-8774 affects Quick Heal Internet Security, Total Security and AntiVirus Pro (10.1.0.316). The vulnerability is a Memory Corruption issue triggered while parsing a malformed Mach-O file, per multiple sources (NVD and CNVD). CVSS scores indicate a HIGH to CRITICAL impact: CVSS v3.1 base sc...
CVE-2017-8773
CVE-2017-8773 affects Quick Heal families (Internet Security, Total Security, AntiVirus Pro) and stems from out-of-bounds write on a heap buffer caused by improper validation of the dwCompressionSize in the Microsoft WIM Header WIMHEADER_V1_PACKED. This leads to Remote Code Execution and Privileg...
CVE-2020-9362
Technical details about CVE-2020-9362 are not publicly available within the provided documents. The records show a virus-detection bypass in the Quick Heal AV parsing engine via crafted ZIP files, but no concrete affected versions, components, or fixes are disclosed here. Monitor for updates.
CVE-2017-5005
CNVD-2017-00081 and NVD/CVE-2017-5005 describe a stack-based buffer overflow affecting Quick Heal Internet Security, Total Security, and AntiVirus Pro on OS X (Mach-O) triggered by a crafted LC_UNIXTHREAD.cmdsize field during a Security Scan/Custom Scan. The vulnerability allows remote code execu...
CVE-2020-27585
CVE-2020-27585 affects Quick Heal Total Security prior to 19.0. The issue allows an attacker with local administrator rights to modify sensitive antivirus settings by brute-forcing the settings password. This is a local-privilege scenario (attack vector: LOCAL, authentication: NONE, impact: HIGH ...
CVE-2015-8285
CVE-2015-8285 concerns the webssx.sys driver in QuickHeal 16.00, where the QuickHeal antivirus software is vulnerable to remote denial-of-service via a flaw in the webssx.sys component. The available connected documents identify a DoS condition caused by this driver, with exploit code publicly re...
CVE-2017-8776
CVE-2017-8776 affects Quick Heal Internet Security, Total Security, and AntiVirus Pro 10.1.0.316. Connected documents confirm a root cause: approximately 165 PE files in the default installation do not use ASLR/DEP protections, leaving the product with reduced defenses against directed attacks. I...
CVE-2020-27587
CVE-2020-27587 affects Quick Heal Total Security prior to 19.0. The vulnerability allows attackers with local admin rights to brute-force the password and gain access to files stored in the program’s File Vault. The available documents do not provide explicit exploitation details, affected produc...
CVE-2020-27586
CVE-2020-27586 affects Quick Heal Total Security before version 19.0, where quarantine and system information files are transmitted in clear text. The connected documents corroborate the product/version and the data exposed (quarantine and sysinfo) but do not provide detailed root cause, affected...
CVE-2018-8090
CVE-2018-8090 is a DLL hijacking vulnerability affecting Quick Heal products: Quick Heal Total Security, Internet Security, and Anti-Virus Pro across 32/64‑bit builds and several versions (Total Security 64/32‑bit v17.00 with 10.0.1.38; Internet Security 64/32‑bit v17.00 with 10.0.0.37; Anti‑Viru...
CVE-2025-69875
CVE-2025-69875 – Quick Heal Total Security 23.0.0 (quarantine management) : The issue is insufficient validation of restore paths and improper permission handling, allowing a low-privileged local user to restore quarantined files into protected system directories, potentially enabling privilege e...