CVE-2021-33971

7.8 HIGH

📋 TL;DR

This CVE describes a set of buffer overflow vulnerabilities in Qihoo 360 security software that allow arbitrary code execution. Remote exploitation is possible via malicious links in affected browsers, while local exploitation targets antivirus kernel flaws for privilege escalation and persistence. Users of Qihoo 360 Safeguard, Total Security, and Safe Browser/Chrome are affected.

💻 Affected Systems

Products:
  • Qihoo 360 Safeguard
  • Qihoo 360 Total Security
  • 360 Safe Browser
  • 360 Chrome
Versions:
  • Safeguard: 12.1.0.1004 through 12.1.0.1005, and 13.1.0.1001
  • Total Security: 10.8.0.1060 through 10.8.0.1213
  • Safe Browser / Chrome: 13.0.2170.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability chain combines remote browser exploitation with local antivirus kernel exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, privilege escalation to SYSTEM/admin, and persistent malware installation that evades detection by the very antivirus software it exploits.

🟠 Likely Case

Attackers deliver malware via malicious links, gain initial access through browser exploitation, then use local vulnerabilities to maintain persistence and evade security scans.

🟢 If Mitigated

With updated software and proper network segmentation, impact is limited to initial browser compromise without privilege escalation or persistence.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept details available in public references. Remote exploitation requires user interaction (opening malicious link). Local exploitation requires initial access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The vendor has released fixes, but specific fixed version numbers are not provided in the CVE description

Vendor Advisory: Not provided in the CVE description

Restart Required: Yes

Instructions:

1. Update all affected Qihoo 360 software to the latest versions.
2. Restart systems after the updates.
3. Verify the updates through vendor channels.

🔧 Temporary Workarounds

Disable or remove affected software (Windows)

Uninstall vulnerable Qihoo 360 software and use alternative security solutions:

Control Panel > Programs > Uninstall a program > Select Qihoo 360 software > Uninstall

Browser link restrictions (Windows)

Configure browser security settings to block automatic execution and restrict untrusted links.

🧯 If You Can't Patch

  • Network segmentation to isolate systems with vulnerable software
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check installed Qihoo 360 software versions against affected version ranges

Check Version:

Check through software interface: Help > About or Settings > About

Verify Fix Applied:

Verify that every installed Qihoo 360 product reports a version number higher than its affected range
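
The version comparison above is easy to get wrong when done by eye or by plain string comparison (where "9.0" sorts after "10.0"). The following is an added example, not part of the original page: it encodes the affected ranges exactly as listed under Affected Systems and checks version strings against them numerically. It does not query the installed software; the version string is the one read from Help > About, and the sample inventory at the bottom is constructed.

```python
"""Check Qihoo 360 product version strings against the affected ranges
listed in the CVE-2021-33971 summary.

Added example. The ranges are the ones stated on the page; the code does
not read the installed version itself - pass in the string shown under
Help > About or exported from an inventory tool."""

from typing import Iterable, List, Tuple

Version = Tuple[int, ...]

# Affected ranges as (lowest, highest) inclusive bounds, taken from the page.
AFFECTED_RANGES = {
    "360 Safeguard": [
        ("12.1.0.1004", "12.1.0.1005"),
        ("13.1.0.1001", "13.1.0.1001"),
    ],
    "360 Total Security": [
        ("10.8.0.1060", "10.8.0.1213"),
    ],
    "360 Safe Browser": [
        ("13.0.2170.0", "13.0.2170.0"),
    ],
    "360 Chrome": [
        ("13.0.2170.0", "13.0.2170.0"),
    ],
}


def parse_version(text: str) -> Version:
    """Turn '12.1.0.1004' into (12, 1, 0, 1004) so that tuples compare
    component by component as integers rather than as strings."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` falls inside any affected range."""
    if product not in AFFECTED_RANGES:
        raise KeyError(f"no affected ranges recorded for {product!r}")
    v = parse_version(version)
    for low, high in AFFECTED_RANGES[product]:
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (product, version) pairs, e.g. from an inventory export."""
    return [
        (p, ver, "AFFECTED" if is_affected(p, ver) else "not in affected range")
        for p, ver in inventory
    ]


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    sample = [
        ("360 Safeguard", "12.1.0.1004"),
        ("360 Safeguard", "12.1.0.1006"),
        ("360 Total Security", "10.8.0.1100"),
        ("360 Total Security", "10.9.0.1000"),
        ("360 Safe Browser", "13.0.2170.0"),
    ]
    for product, version, verdict in triage(sample):
        print(f"{product:20} {version:14} {verdict}")
```

Because the vendor's fixed version numbers are not given in the CVE description, a version outside these ranges is only "not in a published affected range", not proof that a fix is applied; confirm through the vendor's own channels as the instructions above say.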

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from browser or Qihoo 360 executables
  • Multiple buffer overflow errors in application logs

Network Indicators:

  • Unexpected outbound connections from Qihoo 360 processes
  • DNS requests to suspicious domains following browser activity

SIEM Query:

Process creation where (parent_process contains '360' OR parent_process contains 'browser') AND (process_name not in approved_list)
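
To show what that query actually matches, here is the same rule implemented over a handful of constructed process-creation events. This is an added example and not part of the original page: the event field names (parent_process, process_name, host), the approved list, and every executable name in the sample data are assumptions standing in for whatever a given SIEM's process-creation schema and the local environment provide.

```python
"""Evaluate the process-creation rule from the summary over sample events:

    (parent_process contains '360' OR parent_process contains 'browser')
    AND process_name not in approved_list

Added example. Field names, the approved list and all executable names
below are assumptions/constructed; tune them to the real SIEM schema and
to the child processes the products legitimately spawn in your estate."""

from typing import Dict, List

# Assumed allow-list of child processes the products are expected to start
# (updaters, helpers, console host). Names are placeholders, not vendor binaries.
APPROVED_LIST = {
    "360update_example.exe",
    "conhost.exe",
}

PARENT_SUBSTRINGS = ("360", "browser")


def matches_rule(event: Dict[str, str], approved=APPROVED_LIST) -> bool:
    """Apply the rule to one event. 'contains' is treated case-insensitively,
    since Windows image names are case-insensitive and logs vary in casing."""
    parent = event.get("parent_process", "").lower()
    child = event.get("process_name", "").lower()
    parent_hit = any(s in parent for s in PARENT_SUBSTRINGS)
    approved_lower = {a.lower() for a in approved}
    return parent_hit and child not in approved_lower


def run_rule(events: List[Dict[str, str]], approved=APPROVED_LIST) -> List[Dict[str, str]]:
    """Return the events that should raise an alert, in input order."""
    return [e for e in events if matches_rule(e, approved)]


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent_process": "360safe_example.exe",
     "process_name": "360update_example.exe"},          # approved child: no alert
    {"host": "ws01", "parent_process": "360browser_example.exe",
     "process_name": "powershell.exe"},                 # unapproved child: alert
    {"host": "ws02", "parent_process": "explorer.exe",
     "process_name": "powershell.exe"},                 # parent not matched: no alert
    {"host": "ws03", "parent_process": "Browser_Example.EXE",
     "process_name": "cmd.exe"},                        # mixed case parent: alert
    {"host": "ws03", "parent_process": "360browser_example.exe",
     "process_name": "conhost.exe"},                    # approved child: no alert
]


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_EVENTS):
        print(f"ALERT host={alert['host']} "
              f"parent={alert['parent_process']} child={alert['process_name']}")
```

Two points follow from running it. The 'browser' substring matches any browser, not only 360 Safe Browser, so the rule is broad by design and the approved list carries the noise reduction; and because the match is on the parent image name alone, an allow-list entry should be keyed on the full path or signer where the SIEM offers it, since a name alone is easy for malware to reuse.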

🔗 References
