CVE-2018-8090 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Quickheal	Antivirus Pro	17.00
Quickheal	Internet Security	17.00
Quickheal	Total Security	17.00

Related Weaknesses (CWE)

CWE-427

References

https://github.com/kernelm0de/CVE-2018-8090Third Party Advisory
https://github.com/kernelm0de/CVE-2018-8090Third Party Advisory

FAQ

What is CVE-2018-8090?

CVE-2018-8090 is a vulnerability with a CVSS score of 7.8 (HIGH). Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Se...

How severe is CVE-2018-8090?

CVE-2018-8090 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-8090?

Check the references section above for vendor advisories and patch information. Affected products include: Quickheal Antivirus Pro, Quickheal Internet Security, Quickheal Total Security.