CVE-2022-31467
Summary
| CVE | CVE-2022-31467 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-23 19:16:00 UTC |
| Updated | 2022-06-02 20:53:00 UTC |
| Description | A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Quickheal | Total Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| DLL hijack vulnerability fixed in Quick Heal Total Security – Software Security | MISC | softwaresec001.wordpress.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sandeep Kumar Singh
There are currently no legacy QID mappings associated with this CVE.