Vulnerability Details CVE-2017-5005
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.315
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/95194
- http://www.securitytracker.com/id/1037547
- https://github.com/payatu/QuickHeal
- https://www.youtube.com/watch?v=h9LOsv4XE00
- http://www.securityfocus.com/bid/95194
- http://www.securitytracker.com/id/1037547
- https://github.com/payatu/QuickHeal
- https://www.youtube.com/watch?v=h9LOsv4XE00
Products affected by CVE-2017-5005
-
cpe:2.3:a:quickheal:antivirus_pro:10.1.0.316
-
cpe:2.3:a:quickheal:antivirus_pro:7.0.0.1
-
cpe:2.3:a:quickheal:internet_security:10.1.0.316
-
cpe:2.3:a:quickheal:total_security:10.1.0.316