CVE-2017-5005

EUVD-2017-14115
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
quickhealantivirus_pro
𝑥
≤ 10.1.0.316
quickhealinternet_security
𝑥
≤ 10.1.0.316
quickhealtotal_security
𝑥
≤ 10.1.0.316
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95194
http://www.securitytracker.com/id/1037547
https://github.com/payatu/QuickHeal
https://www.youtube.com/watch?v=h9LOsv4XE00
http://www.securityfocus.com/bid/95194
http://www.securitytracker.com/id/1037547
https://github.com/payatu/QuickHeal
https://www.youtube.com/watch?v=h9LOsv4XE00