CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-31467

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.9%

CVSS Severity

CVSS v3 Score 7.9

CVSS v2 Score 4.4

References

https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security/
https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security/

Products affected by CVE-2022-31467

Quickheal » Total Security » Version: 10.1.0.316

cpe:2.3:a:quickheal:total_security:10.1.0.316
Quickheal » Total Security » Version: 11.00

cpe:2.3:a:quickheal:total_security:11.00
Quickheal » Total Security » Version: 12.00

cpe:2.3:a:quickheal:total_security:12.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31467

Products

Pricing

Contact Us