Vulnerabilities > Quickheal > Antivirus PRO

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2020-9362 Interpretation Conflict vulnerability in Quickheal products
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive.
network
quickheal CWE-436
6.8
6.8
2018-07-25 CVE-2018-8090 Uncontrolled Search Path Element vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.
network
quickheal CWE-427
6.8
6.8
2017-05-04 CVE-2017-8776 Unspecified vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.
network
low complexity
quickheal
5.0
5.0
2017-05-04 CVE-2017-8775 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
network
low complexity
quickheal CWE-787
7.5
7.5
2017-05-04 CVE-2017-8774 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
network
low complexity
quickheal CWE-787
7.5
7.5
2017-05-04 CVE-2017-8773 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED.
network
low complexity
quickheal CWE-787
7.5
7.5
2017-01-02 CVE-2017-5005 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
network
low complexity
quickheal CWE-787
7.5
7.5
2013-12-20 CVE-2013-6767 Buffer Errors vulnerability in Quickheal Antivirus PRO 7.0.0.1
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
local
low complexity
quickheal CWE-119
7.2
7.2