CVE-2020-9362

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-9362
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Mar/14 Mailing List Third Party Advisory
https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html Third Party Advisory
https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quickheal:antivirus_for_server:2019-11:*:*:*:*:*:*:*
cpe:2.3:a:quickheal:antivirus_pro:2019-11:*:*:*:*:*:*:*
cpe:2.3:a:quickheal:home_security:2019-11:*:*:*:*:*:*:*
cpe:2.3:a:quickheal:internet_security:2019-11:*:*:*:*:*:*:*
cpe:2.3:a:quickheal:total_security:2019-11:*:*:*:*:-:*:*
cpe:2.3:a:quickheal:total_security:2019-11:*:*:*:*:android:*:*
cpe:2.3:a:quickheal:total_security:2019-11:*:*:*:*:mac_os:*:*
cpe:2.3:a:quickheal:total_security_multi-device:2019-11:*:*:*:*:*:*:*
History

18 Apr 2022, 15:12

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html - (MISC) http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html - Third Party Advisory, VDB Entry
References (FULLDISC) http://seclists.org/fulldisclosure/2020/Mar/14 - (FULLDISC) http://seclists.org/fulldisclosure/2020/Mar/14 - Mailing List, Third Party Advisory
CWE CWE-20 CWE-436
Information

Published : 2020-02-24 16:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-9362

Mitre link : CVE-2020-9362

CVE.ORG link : CVE-2020-9362

JSON object : View

Products Affected

quickheal

  • total_security_multi-device
  • internet_security
  • antivirus_for_server
  • home_security
  • antivirus_pro
  • total_security
CWE
CWE-436

Interpretation Conflict