CRITICAL · 9.8

CVE-2017-8773

Vulnerability Description

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Quickheal | Antivirus Pro | <= 10.1.0.316 |
| Quickheal | Internet Security | <= 10.1.0.316 |
| Quickheal | Total Security | <= 10.1.0.316 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-8773?

CVE-2017-8773 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation...

How severe is CVE-2017-8773?

CVE-2017-8773 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-8773?

Check the references section above for vendor advisories and patch information. Affected products include: Quickheal Antivirus Pro, Quickheal Internet Security, Quickheal Total Security.