Vulnerabilities > CVE-2017-5005 - Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/95194
- http://www.securityfocus.com/bid/95194
- http://www.securitytracker.com/id/1037547
- http://www.securitytracker.com/id/1037547
- https://github.com/payatu/QuickHeal
- https://github.com/payatu/QuickHeal
- https://www.youtube.com/watch?v=h9LOsv4XE00
- https://www.youtube.com/watch?v=h9LOsv4XE00