Insecure Libray Loading


Quick Heal Internet Security Uncontrolled Search Path Element Vulnerability

Vulnerability Description

We found that the Quick Heal Installer Downloader (QuickHealInternetSecurity.EXE) and Quick Heal Installer (QHISFT32.EXE) application uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actor.

This vulnerability is called as Insecure Library Loading also known as DLL Hijacking attack.




  • Quick Heal Internet Security and prior
  • Quick Heal Total Security and prior
  • Quick Heal AntiVirus Pro and prior

Disclosure Timeline

  1. 9 June 2016 – Reported to vendor
  2. 11 June 2016 – Received acknowledgement from vendor
  3. 1 August 2016 – Patch released


Ashfaq Ansari – Project Srishti – Payatu Technologies