Local Stack buffer overflow Vulnerability in Quickheal antivirus

A Security researcher from Vulnerability Lab has discovered a local stack buffer overflow vulnerability in the QuickHeal AntiVirus (b2.0.0.1) Pro software.
Researcher says improper handling of buffers in the 'pepoly.dll' module on certain conditions leads to a stack overflow.  Disabling the Core scanning server service could trigger the vulnerable point and crash the system.

"The vulnerability is located in the generated PE file `*.text` value. It can be overflowed by manipulating import of a malicious PE file.The issue is a classic (uni-code) stack buffer overflow"

A local attacker with low privilege can exploit this vulnerability to take control of the system or simply crash the quickheal software system process.  The security risk of this vulnerability has been estimated as medium.

Researcher also provided a solution to fix the vulnerability: "It can be patched by a secure filter and size restriction of the PE file name text flag".

The proof of concept is available here.
Category: / / /

Share this with Your friends: