Design a site like this with WordPress.com
Get started

CVE-2022-31467 Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.

Description:
CVE-2022-31467– Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.


Details:
A DLL hijack vulnerability was reported in the Quick Heal Total Security version prior to 12.1.1.27 that could allow the execution of arbitrary code during the installation of Quick Heal Total Security.

CVSS Score: 7.9 High
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:P/RL:U/RC:R

Security Impact:
It could be abused to load any arbitrary DLL and do any malicious activity such as creating a backdoor.

Technical Root Cause of the vulnerability
1. Loading of a DLL by installer process DLL from an unprotected
2. Loading a DLL without doing an integrity check/signature check

Date of Publication: May 23rd, 2022

Remediation:
Quick Heal Total Security users are recommended to upgrade to v12.1.1.27 and above. 

Vulnerability Reporter: Sandeep Kumar Singh

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31467

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: