CVE-2022-31467

Опубликовано: 23 мая 2022

Источник: nvd

CVSS3: 7.9

CVSS3: 7.3

CVSS2: 4.4

EPSS Низкий

Описание

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.

Ссылки

https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security/
Third Party Advisory
https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quickheal:total_security:*:*:*:*:*:*:*:*

Версия до 12.1.1.27 (исключая)

EPSS

Процентиль: 21%

0.0007

Низкий

7.9 High

CVSS3

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-jhv9-9wc2-f5gg

CVSS3: 7.3

github

больше 3 лет назад

Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.

EPSS

Процентиль: 21%

0.0007

Низкий

7.9 High

CVSS3

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427