// For flags

CVE-2017-8773

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316 y Quick Heal AntiVirus Pro 10.1.0.316 son vulnerables a una escritura fuera de límites en el búfer de memoria dinámica (heap) debido a una validación incorrecta de dwCompressionSize de Microsoft WIM Header WIMHEADER_V1_PACKED. Esta vulnerabilidad puede explotarse para obtener la ejecución remota de código, así como para escalar de privilegios.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-03 CVE Reserved
  • 2017-05-04 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Quickheal
Search vendor "Quickheal"
Antivirus Pro
Search vendor "Quickheal" for product "Antivirus Pro"
<= 10.1.0.316
Search vendor "Quickheal" for product "Antivirus Pro" and version " <= 10.1.0.316"
-
Affected
Quickheal
Search vendor "Quickheal"
Internet Security
Search vendor "Quickheal" for product "Internet Security"
<= 10.1.0.316
Search vendor "Quickheal" for product "Internet Security" and version " <= 10.1.0.316"
-
Affected
Quickheal
Search vendor "Quickheal"
Total Security
Search vendor "Quickheal" for product "Total Security"
<= 10.1.0.316
Search vendor "Quickheal" for product "Total Security" and version " <= 10.1.0.316"
-
Affected