CVE-2021-33974

{"id": "CVE-2021-33974", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-04-19T21:15:06.740", "references": [{"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://pastebin.com/ms1ivjYe", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions \"360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)\" , \"360 Total Security(10.8.0.1060,10.8.0.1213)\", \"360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. \u00b6\u00b6 This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert \"Memory Corruptor\" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert)"}], "lastModified": "2023-05-01T19:18:49.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:360:total_security:10.8.0.1060:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C5D566-EC1C-4698-A3F9-620E95A114EA"}, {"criteria": "cpe:2.3:a:360:total_security:10.8.0.1213:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E6A3FC9-D113-4DE6-8026-D4D569AC739A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}