CVE-2017-5005 for Quick Heal Antivirus
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability.
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
We found that the Quick Heal Internet Security is vulnerable to Out of Bound Write on Stack Buffer due to improper validation of
This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.
Proof of Concept
- Quick Heal Internet Security 10.1.0.316 and prior
- Quick Heal Total Security 10.1.0.316 and prior
- Quick Heal AntiVirus Pro 10.1.0.316 and prior
- 09 June 2016 – Reported to vendor
- 11 June 2016 – Received acknowledgement from vendor & Patch released
Please see the file
LICENSE for copying permission