CVE-2020-9362
HIGHQuick Heal AntiVirus Products - Virus Detection Bypass via Malformed ZIP Archive GPFLAG
Title source: llmDescription
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html
Third Party Advisory x_refsource_misc
https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/14
Scores
CVSS v3
7.8
EPSS
0.0149
EPSS Percentile
70.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-436
Status
published
Products (6)
quickheal/antivirus_for_server
2019-11
quickheal/antivirus_pro
2019-11
quickheal/home_security
2019-11
quickheal/internet_security
2019-11
quickheal/total_security
2019-11 (3 CPE variants)
quickheal/total_security_multi-device
2019-11
Published
Feb 24, 2020
Tracked Since
Feb 18, 2026