CVE-2021-33974

8.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Qihoo 360 security software that allows remote code execution. Attackers can exploit it by tricking users into opening malicious links in affected browsers, potentially leading to full system compromise. The vulnerability affects Qihoo 360 Safeguard, Total Security, and Chrome/Safe Browser users.

💻 Affected Systems

Products:
  • Qihoo 360 Safeguard
  • Qihoo 360 Total Security
  • Qihoo 360 Chrome
  • Qihoo 360 Safe Browser
Versions: 360 Safeguard: 12.1.0.1004, 12.1.0.1005, 13.1.0.1001; 360 Total Security: 10.8.0.1060, 10.8.0.1213; 360 Chrome/Safe Browser: 12.x, 13.x
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: This is a set of coordinated vulnerabilities affecting multiple Qihoo 360 products simultaneously.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with persistent malware installation that evades detection by the very security software designed to protect the system.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or system compromise.

🟢 If Mitigated

Limited impact if systems are patched, application whitelisting is in use, and the network is segmented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening a malicious link) but no authentication. The vulnerability chain allows remote exploitation via the browser and persistence via flaws in the security software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after those listed as affected

Vendor Advisory: https://www.360.cn/

Restart Required: Yes

Instructions:

1. Open Qihoo 360 software.
2. Check for updates in settings.
3. Install all available updates.
4. Restart the computer.

🔧 Temporary Workarounds

Disable affected software (Windows)

Temporarily disable or uninstall affected Qihoo 360 software until patched.

Use alternative browser (Windows)

Switch to a different browser until Qihoo 360 Chrome/Safe Browser is updated.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems
  • Deploy application control/whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Qihoo 360 software version in About or Settings section.

Check Version:

Check within Qihoo 360 software interface (no standard command-line method)

Verify Fix Applied:

Verify software version is higher than affected versions listed above.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process creation from browser
  • Qihoo 360 software crash logs
  • Unusual network connections from browser processes

Network Indicators:

  • Outbound connections to suspicious domains after visiting links
  • Unusual traffic patterns from browser

SIEM Query:

Process creation where parent process contains '360' or 'chrome' AND command line contains suspicious parameters
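
The query above, written out as an added example (not part of the original advisory or any vendor tooling) that filters process-creation events in JSON-lines form. It assumes Sysmon Event ID 1 field names; the "suspicious" child images and command-line tokens are assumptions, since the page does not define them, and the sample events and paths are constructed.

```python
import json
import ntpath

# Parent-name substrings taken from the SIEM query text on this page.
PARENT_MARKERS = ("360", "chrome")
# Assumption: the page does not define "suspicious parameters". These child
# images and command-line tokens are illustrative; tune them per environment.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe"}
SUSPICIOUS_TOKENS = ("-enc", "downloadstring", "frombase64string")

# Constructed sample events (Sysmon Event ID 1 field names, made-up paths).
SAMPLE_EVENTS = r"""
{"ParentImage": "C:\\Apps\\360chrome.exe", "Image": "C:\\Apps\\360chrome.exe", "CommandLine": "360chrome.exe --type=renderer"}
{"ParentImage": "C:\\Apps\\360chrome.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c example.bat"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"ParentImage": "C:\\Apps\\360se.exe", "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe report.txt"}
{"ParentImage": "C:\\Apps\\chrome.exe", "Image": "C:\\Tools\\helper.exe", "CommandLine": "helper.exe -enc CONSTRUCTED"}
not-json: truncated log line
"""

def image_name(path):
    return ntpath.basename(path or "").lower()

def is_suspicious(event):
    parent = image_name(event.get("ParentImage"))
    child = image_name(event.get("Image"))
    cmdline = (event.get("CommandLine") or "").lower()
    if not any(marker in parent for marker in PARENT_MARKERS):
        return False
    if child == parent:  # browsers spawn their own renderer/GPU/utility processes
        return False
    return child in SUSPICIOUS_CHILDREN or any(t in cmdline for t in SUSPICIOUS_TOKENS)

def scan(text):
    hits = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the scan
        if isinstance(event, dict) and is_suspicious(event):
            hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(image_name(hit["ParentImage"]), "->", hit["CommandLine"])
```

Excluding the parent's own image name matters here: without it, every renderer or utility process a Chromium-based browser launches would match the parent condition and flood the results.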
