CVE-2009-4556

Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
quickhealantivirus_plus_2009
10.00:sp1
quickhealtotal_security_2009
10.00:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37033
http://www.securityfocus.com/archive/1/507121/100/0/threaded
http://www.securityfocus.com/bid/36662
https://exchange.xforce.ibmcloud.com/vulnerabilities/53746
http://secunia.com/advisories/37033
http://www.securityfocus.com/archive/1/507121/100/0/threaded
http://www.securityfocus.com/bid/36662
https://exchange.xforce.ibmcloud.com/vulnerabilities/53746