CVE-2022-31467 Information

Description

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation leading to execution of arbitrary code via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.3