CVE-2021-33974

Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert)
References
Link Resource
https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html Third Party Advisory
https://pastebin.com/ms1ivjYe Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:360:total_security:10.8.0.1060:*:*:*:*:*:*:*
cpe:2.3:a:360:total_security:10.8.0.1213:*:*:*:*:*:*:*

History

01 May 2023, 19:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-120
CPE cpe:2.3:a:360:total_security:10.8.0.1213:*:*:*:*:*:*:*
cpe:2.3:a:360:total_security:10.8.0.1060:*:*:*:*:*:*:*
References (MISC) https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html - (MISC) https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html - Third Party Advisory
References (CONFIRM) https://pastebin.com/ms1ivjYe - (CONFIRM) https://pastebin.com/ms1ivjYe - Exploit, Third Party Advisory

20 Apr 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-19 21:15

Updated : 2024-02-04 23:37


NVD link : CVE-2021-33974

Mitre link : CVE-2021-33974

CVE.ORG link : CVE-2021-33974


JSON object : View

Products Affected

360

  • total_security
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')