Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Quick Heal Total Security Vendors:   Quick Heal Technologies
Quick Heal Total Security Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1023225
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 23 2009
Original Entry Date:  Nov 23 2009
Impact:   Execution of arbitrary code via local system, Root access via local system
Exploit Included:  Yes  
Version(s): 2009; possibly other versions
Description:   Nishant Das Patnaik reported a vulnerability in Quick Heal Total Security. A local user can obtain elevated privileges on the target system.

The software installs program files with 'Full Control' privileges for the 'Everyone' group. A local user can modify the executable files to cause arbitrary code to be executed on the target system with System privileges when the system starts up.

The 'SCANWSCS.EXE' and 'OPSSVC.EXE' files are affected.

Quick Heal Antivirus Plus 2009 is also affected.

Impact:   A local user can obtain System privileges on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Vulnerability Report *Edited*


My Name is Nishant Das Patnaik. I'm an independent security researcher based
out at India. I have discovered a Local Escalation of Privilege
Vulnerability in multiple products of Quick Heal Technologies Pvt. Ltd.

Details are available in the attached file.

Best Regards

Nishant Das Patnaik

Local privilege escalation vulnerability in Quick Heal Total Security 2009



Quick Heal Technologies Pvt. Ltd. (India)

Antivirus Plus 2009
Total Security 2009

Previous versions are very likely to be affected

Quick Heal Total Security 2009 installs the own program files with insecure permissions
(Everyone - Full Control). Local attacker (unprivileged user) can
replace some files (for example, executable files of Total Security 2009 services)
by malicious file and execute arbitary code with SYSTEM privileges. This
is local privilege escalation vulnerability.
For example, the following attack scenario could be used:

1. An attacker (unprivileged user) renames one of the program
files (below, the FILE). For example, the FILE could be any of the following


2. An attacker copies his malicious executable file (with same name as
the old filename of the FILE - SCANWSCS.exe) to program files folder.

3. Restart the system.
After restart attackers malicious file will be executed with SYSTEM

This is local privilege escalation vulnerability. An attacker must have
valid logon credentials to a system where vulnerable software is

No workarounds


Nishant Das Patnaik


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC