Vulnerability-Lookup

CNVD-2017-08792

Vulnerability from cnvd - Published: 2017-06-08

Title

多款Quick Heal产品安全绕过漏洞

Description

Quick Heal Internet Security、Quick Heal Total Security和Quick Heal AntiVirus Pro都是印度Quick Heal公司的杀毒软件。多款Quick Heal产品中的PE文件存在安全漏洞，由于程序未能使用ASLR/DEP保护机制。攻击者可利用该漏洞绕过安全保护。

Severity

中

Patch Name

多款Quick Heal产品安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.quickheal.co.in/

Reference

http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/ https://nvd.nist.gov/vuln/detail/CVE-2017-8776

Impacted products

Name
['Quick Heal Internet Security 10.1.0.316', 'Quick Heal Total Security 10.1.0.316', 'Quick Heal AntiVirus Pro 10.1.0.316']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8776",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8776"
    }
  },
  "description": "Quick Heal Internet Security\u3001Quick Heal Total Security\u548cQuick Heal AntiVirus Pro\u90fd\u662f\u5370\u5ea6Quick Heal\u516c\u53f8\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eQuick Heal\u4ea7\u54c1\u4e2d\u7684PE\u6587\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528ASLR/DEP\u4fdd\u62a4\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u4fdd\u62a4\u3002",
  "discovererName": "Ashfaq Ansari \u2013 Project Srishti \u2013 Payatu Technologies",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e:\r\nhttp://www.quickheal.co.in/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-08792",
  "openTime": "2017-06-08",
  "patchDescription": "Quick Heal Internet Security\u3001Quick Heal Total Security\u548cQuick Heal AntiVirus Pro\u90fd\u662f\u5370\u5ea6Quick Heal\u516c\u53f8\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eQuick Heal\u4ea7\u54c1\u4e2d\u7684PE\u6587\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528ASLR/DEP\u4fdd\u62a4\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u4fdd\u62a4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eQuick Heal\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Quick Heal Internet Security 10.1.0.316",
      "Quick Heal Total Security 10.1.0.316",
      "Quick Heal AntiVirus Pro 10.1.0.316"
    ]
  },
  "referenceLink": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8776",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-08",
  "title": "\u591a\u6b3eQuick Heal\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-8776 (GCVE-0-2017-8776)

Vulnerability from cvelistv5 – Published: 2017-05-04 03:55 – Updated: 2024-09-16 17:34

Summary

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://payatu.com/quick-heal-antivirus-protection…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:21.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-04T03:55:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8776",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/",
              "refsource": "MISC",
              "url": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8776",
    "datePublished": "2017-05-04T03:55:00.000Z",
    "dateReserved": "2017-05-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:34:17.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-08792

CVE-2017-8776 (GCVE-0-2017-8776)

Tags

Sightings

Nomenclature