CVE-2018-8090

HIGH

Quick Heal Various - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8090. PoCs published by kernelm0de.

AI-analyzed exploit summary This repository documents a DLL hijacking vulnerability (CVE-2018-8090) in Quick Heal antivirus installers, allowing arbitrary code execution with admin privileges due to insecure library loading. The README lists affected products, versions, and vulnerable DLLs for both 32-bit and 64-bit systems.

Description

Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.

Exploits (1)

nomisec WRITEUP 3 stars
by kernelm0de · poc
https://github.com/kernelm0de/CVE-2018-8090

This repository documents a DLL hijacking vulnerability (CVE-2018-8090) in Quick Heal antivirus installers, allowing arbitrary code execution with admin privileges due to insecure library loading. The README lists affected products, versions, and vulnerable DLLs for both 32-bit and 64-bit systems.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Quick Heal Total Security/Internet Security/Antivirus Pro (versions 17.00 and below)
No auth needed
Prerequisites: Local access to the system · Ability to place a malicious DLL in the search path of the installer
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/kernelm0de/CVE-2018-8090

Scores

CVSS v3 7.8
EPSS 0.0118
EPSS Percentile 63.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (3)
quickheal/antivirus_pro 17.00
quickheal/internet_security 17.00
quickheal/total_security 17.00
Published Jul 25, 2018
Tracked Since Feb 18, 2026