CVE-2020-9362
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.
El motor de análisis de Quick Heal AV (Noviembre 2019), permite una omisión de la detección de virus por medio de un GPFLAG diseñado en un archivo ZIP. Esto afecta a Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, y Total Security for Android.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-24 CVE Reserved
- 2020-02-24 CVE Published
- 2024-07-22 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-436: Interpretation Conflict
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2020/Mar/14 | Mailing List |
|
| https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html | Third Party Advisory | |
| https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Quickheal Search vendor "Quickheal" | Antivirus For Server Search vendor "Quickheal" for product "Antivirus For Server" | 2019-11 Search vendor "Quickheal" for product "Antivirus For Server" and version "2019-11" | - |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Antivirus Pro Search vendor "Quickheal" for product "Antivirus Pro" | 2019-11 Search vendor "Quickheal" for product "Antivirus Pro" and version "2019-11" | - |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Home Security Search vendor "Quickheal" for product "Home Security" | 2019-11 Search vendor "Quickheal" for product "Home Security" and version "2019-11" | - |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Internet Security Search vendor "Quickheal" for product "Internet Security" | 2019-11 Search vendor "Quickheal" for product "Internet Security" and version "2019-11" | - |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Total Security Search vendor "Quickheal" for product "Total Security" | 2019-11 Search vendor "Quickheal" for product "Total Security" and version "2019-11" | - |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Total Security Search vendor "Quickheal" for product "Total Security" | 2019-11 Search vendor "Quickheal" for product "Total Security" and version "2019-11" | android |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Total Security Search vendor "Quickheal" for product "Total Security" | 2019-11 Search vendor "Quickheal" for product "Total Security" and version "2019-11" | mac_os |
Affected
| ||||||
| Quickheal Search vendor "Quickheal" | Total Security Multi-device Search vendor "Quickheal" for product "Total Security Multi-device" | 2019-11 Search vendor "Quickheal" for product "Total Security Multi-device" and version "2019-11" | - |
Affected
| ||||||