CVE-2020-9362

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.

Published: Feb 24, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9362
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-436

Affected Software
References

Software	From	Fixed in
quickheal / home_security	2019-11	2019-11.x
quickheal / internet_security	2019-11	2019-11.x
quickheal / total_security_multi-device	2019-11	2019-11.x
quickheal / antivirus_pro	2019-11	2019-11.x
quickheal / antivirus_for_server	2019-11	2019-11.x
quickheal / total_security	2019-11	2019-11.x

http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html
http://seclists.org/fulldisclosure/2020/Mar/14
https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html
https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html

Vulnerability Database

289,697

CVE-2020-9362