The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.
Weakness
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Antivirus_for_server | Quickheal | 2019-11 (including) | 2019-11 (including) |
| Antivirus_pro | Quickheal | 2019-11 (including) | 2019-11 (including) |
| Home_security | Quickheal | 2019-11 (including) | 2019-11 (including) |
| Internet_security | Quickheal | 2019-11 (including) | 2019-11 (including) |
| Total_security | Quickheal | 2019-11 (including) | 2019-11 (including) |
| Total_security_multi-device | Quickheal | 2019-11 (including) | 2019-11 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/105.html
- https://cwe.mitre.org/data/definitions/273.html
- https://cwe.mitre.org/data/definitions/34.html
References
- http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html
- http://seclists.org/fulldisclosure/2020/Mar/14
- https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html
- https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html
- http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html
- http://seclists.org/fulldisclosure/2020/Mar/14
- https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html
- https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html