Skip to content

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

License

Notifications You must be signed in to change notification settings

SweetIceLolly/Huorong_Vulnerabilities

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

火绒安全软件漏洞

描述

火绒安全软件的名声一直挺不错的(至少我看来),并且以查杀准确、快速而收到不少好评。但是我在测试的时候发现其自我防护还尚有欠缺,还望尽快修复。值得一提的是,这个仓库里面涉及到的技术并不深奥,并且有些漏洞甚至不需要管理员权限就能被利用。

警告

创建该仓库的目的是测试及学习用途。对于您如何使用这个仓库里的内容,本人概不负责。请不要把该仓库里的内容用于任何不正当的用途。您只应该在自己的设备上或者自己的虚拟机中测试该仓库里面涉及到的技术。

测试环境

火绒安全软件版本: 5.0.39.7

操作系统: Windows 10 1909 x64

官方回应

2020年3月17日: 将漏洞反馈给火绒官方

2020年3月19日: 官方确认漏洞

2020年3月31日: 官方指除了PromptBypass1以外的漏洞均在火绒安全5.0.41.0修复。对于PromptBypass1,官方指“窗口程序无法知道消息来源,所以无法过滤” (请见帖子)。

帖子: http://bbs.huorong.cn/thread-67135-1-1.html

漏洞

请进入文件夹查看对应漏洞的详情

文件夹 需要管理员权限 描述 已修复
KillHipsDaemon 火绒防护程序HipsDaemon.exe的自我保护漏洞 ×
KillTray1 火绒托盘程序HipsTray.exe的自我保护漏洞 ×
KillTray2 火绒托盘程序HipsTray.exe的自我保护漏洞
PromptBypass1 火绒的防护弹窗的漏洞 ×
PromptBypass2 火绒防护程序的通讯漏洞

Huorong Internet Security Vulnerabilities

Description

Huorong Internet Security has a good reputation (at least in my opinion) and it received a lot of praise for its accuracy and rapidity. However, during my testing, I found that there are still some flaws in its self-protection. I hope they can be repaired as soon as possible. It is worth mentioning that the technology involved in this repository is not difficult, and some vulnerability can be exploited even without administrative privilege.

Warning

This repository is created for testing and educational purposes. I do not take any responsibility for what you do with the contents in this repository. Do not use the contents of this repository for any improper purpose. You should only test the technology involved in this repository on your own equipment or in your virtual machine.

Testing Environment

Huorong Internet Security Version: 5.0.39.7

Operating System: Windows 10 1909 x64

Official Response

2020 Mar 17: Vulnerabilities reported to the official

2020 Mar 19: Vulnerabilities confirmed officially

2020 Mar 31: The official says that all vulnerabilities except PromptBypass1 are fixed in Huorong Internet Security version 5.0.41.0. As for PromptBypass1, the official says that "The window cannot detect the source of the message, thus it cannot be filtered" (Please see the post).

The post: http://bbs.huorong.cn/thread-67135-1-1.html

Vulnerabilities

Please enter the folders to see corresponding vulnerability details

Folder Administrative Privilege Required Description Repaired
KillHipsDaemon Yes Self-protection vulnerability of Huorong Internet Security daemon process HipsDaemon.exe ×
KillTray1 Yes Self-protection vulnerability of Huorong Internet Security Tray process HipsTray.exe ×
KillTray2 No Self-protection vulnerability of Huorong Internet Security Tray process HipsTray.exe
PromptBypass1 No Huorong popup prompt vulnerability ×
PromptBypass2 No Communication vulnerability of Huorong Internet Security

Releases

No releases published

Packages

No packages published

Languages