CVE-2017-5005

CRITICAL EPSS 94.8%
Published Jan 2, 20179y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Jan 2, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
94.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 3

VendorProductVersionRange
quickhealantivirus_pro* ≤10.1.0.316
quickhealinternet_security* ≤10.1.0.316
quickhealtotal_security* ≤10.1.0.316

References 4

  • securityfocus.com http://www.securityfocus.com/bid/95194
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1037547
    Third Party AdvisoryVDB Entry
  • github.com https://github.com/payatu/QuickHeal
    ExploitThird Party Advisory
  • youtube.com https://www.youtube.com/watch?v=h9LOsv4XE00
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.