CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8773

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/
http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/

Products affected by CVE-2017-8773

Quickheal » Antivirus Pro » Version: 10.1.0.316

cpe:2.3:a:quickheal:antivirus_pro:10.1.0.316
Quickheal » Antivirus Pro » Version: 7.0.0.1

cpe:2.3:a:quickheal:antivirus_pro:7.0.0.1
Quickheal » Internet Security » Version: 10.1.0.316

cpe:2.3:a:quickheal:internet_security:10.1.0.316
Quickheal » Total Security » Version: 10.1.0.316

cpe:2.3:a:quickheal:total_security:10.1.0.316

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8773

Products

Pricing

Contact Us