A Security researcher from Vulnerability Lab has discovered a local stack buffer overflow vulnerability in the QuickHeal AntiVirus 7.0.0.1 (b2.0.0.1) Pro software.
Researcher says improper handling of buffers in the 'pepoly.dll' module on certain conditions leads to a stack overflow. Disabling the Core scanning server service could trigger the vulnerable point and crash the system.
"The vulnerability is located in the generated PE file `*.text` value. It can be overflowed by manipulating import of a malicious PE file.The issue is a classic (uni-code) stack buffer overflow"
A local attacker with low privilege can exploit this vulnerability to take control of the system or simply crash the quickheal software system process. The security risk of this vulnerability has been estimated as medium.
Researcher also provided a solution to fix the vulnerability: "It can be patched by a secure filter and size restriction of the PE file name text flag".
The proof of concept is available Here.
Via : ehackingnews
Sponsored Links
A Security researcher from Vulnerability Lab has discovered a local
stack buffer overflow vulnerability in the QuickHeal AntiVirus 7.0.0.1
(b2.0.0.1) Pro software.
Researcher says improper handling of buffers in the 'pepoly.dll' module on certain conditions leads to a stack overflow. Disabling the Core scanning server service could trigger the vulnerable point and crash the system.
"The vulnerability is located in the generated PE file `*.text` value. It can be overflowed by manipulating import of a malicious PE file.The issue is a classic (uni-code) stack buffer overflow"
A local attacker with low privilege can exploit this vulnerability to take control of the system or simply crash the quickheal software system process. The security risk of this vulnerability has been estimated as medium.
Researcher also provided a solution to fix the vulnerability: "It can be patched by a secure filter and size restriction of the PE file name text flag".
The proof of concept is available here.
Researcher says improper handling of buffers in the 'pepoly.dll' module on certain conditions leads to a stack overflow. Disabling the Core scanning server service could trigger the vulnerable point and crash the system.
"The vulnerability is located in the generated PE file `*.text` value. It can be overflowed by manipulating import of a malicious PE file.The issue is a classic (uni-code) stack buffer overflow"
A local attacker with low privilege can exploit this vulnerability to take control of the system or simply crash the quickheal software system process. The security risk of this vulnerability has been estimated as medium.
Researcher also provided a solution to fix the vulnerability: "It can be patched by a secure filter and size restriction of the PE file name text flag".
The proof of concept is available here.
3 comments
We must have read it all about how to keep safe, use this internet security and use that antivirus. but once you are infected with something like a rootkit they won't really do any good job.
Gaming Computer purchasing Tips
Thanks for sharing the information. It was such a nice articles over vulnerability in quickheal antivirus for more information contact
Kaspersky Toll Free Number | Kaspersky Customer Care Number | Kaspersky Helpline Number | Kaspersky Technical Support Number | Kaspersky Customer Support Number | Kaspersky Helpline Number | Kaspersky Tech Support Number | Kaspersky Customer Support | Kaspersky Customer Service Number | Kaspersky Customer Care Service | Kaspersky Tech Support | Kaspersky Customer Care Service | Kaspersky Antivirus | Kaspersky Number
Thanks for sharing the information. For more relevant info contact
Mcafee Tech Support Number | Mcafee Customer Support Number | Mcafee Technical Support Number | Mcafee Customer Service Number | Mcafee Toll Free Number | Mcafee Customer Care Number | Mcafee Helpline Number | Mcafee Helpdesk Number | Mcafee Retail Card Support | Mcafee Antivirus Support | Mcafee Contact Number | Mcafee Phone Number
Post a Comment