exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Quick Heal Local Privilege Escalation

Quick Heal Local Privilege Escalation
Posted Oct 14, 2009
Authored by ShineShadow

Quick Heal suffers from a local privilege escalation vulnerability. Antivirus Plus 2009 for Desktop version 10.00 SP1 and Total Security 2009 version 10.00 SP1 are affected.

tags | advisory, local
SHA-256 | a7e12ae7f3325df3946da4bb5dfa8911981f261769814d18eb97809b70621b55

Quick Heal Local Privilege Escalation

Change Mirror Download
ShineShadow Security Report 13102009-11

TITLE

Quick Heal Local Privilege Escalation Vulnerability

BACKGROUND

Quick Heal Technologies is leading provider of AntiVirus and Internet Security tools and is leader in Anti-Virus Technology in India. A privately held company, Quick Heal Technologies Pvt. Ltd. (formerly known as Cat Computer Services (P) Ltd.) was founded in 1993 and has been actively involved in Research and Development of anti-virus software since then. Quick Heal an award-winning anti-virus product is installed in corporate, small business and consumers' homes, protecting their PCs from viruses and other malicious threats.

Source: http://www.quickheal.co.in

VULNERABLE PRODUCTS

Quick Heal Antivirus Plus 2009 for Desktop (v.10.00 SP1)
Quick Heal Total Security 2009 (v.10.00 SP1)

DETAILS

Quick Heal installs the own program files with insecure permissions (Everyone: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Quick Heal services) by malicious file and execute arbitrary code with SYSTEM privileges. This is local privilege escalation vulnerability.

For example, in Quick Heal Antivirus Plus 2009 the following attack scenario could be used:
1. An attacker (unprivileged user) replaces one of the Quick Heal Antivirus program files by malicious executable file. For example, the replacing file could be - %Program Files%\Quick Heal\Quick Heal AntiVirus Plus\quhlpsvc.exe (Quick Update Service).
2. Restart the system.
After restart attackers malicious file will be executed with SYSTEM privileges.

For other vulnerable Quick Heal products similar attack scenario could be used.

EXPLOITATION

This is local privilege escalation vulnerability. An attacker must have valid logon credentials to a system where vulnerable software is installed.

WORKAROUND

No workarounds

DISCLOSURE TIMELINE

31/08/2009 Initial vendor notification. Secure contacts requested.
01/09/2009 Vendor response
03/09/2009 Vulnerability details sent. Confirmation requested.
04/09/2009 Vendor requested additional information
05/09/2009 Additional information sent
07/09/2009 Vendor accepted vulnerability for analyzing
23/09/2009 Update status query sent
23/09/2009 Vendor response that vulnerability analyze not yet completed
24/09/2009 Planned disclosure date was sent to vendor. Coordinated disclosure date requested. – No reply.
13/10/2009 Advisory released

CREDITS

Maxim A. Kulakov (ShineShadow)
ss_contacts[at]hotmail.com
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close