CVE-2017-5005
CRITICAL
Quick Heal Internet Security <10.1.0.316 - Buffer Overflow
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-5005. PoCs published by payatu.
AI-analyzed exploit summary: This repository contains a writeup for CVE-2017-5005, detailing an out-of-bounds write vulnerability in Quick Heal Antivirus products due to improper validation of LC_UNIXTHREAD.cmdsize in Mach-O files. The vulnerability can lead to remote code execution and privilege escalation.
Description
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H