Fortinet Discovers Qihoo 360 Arbitrary File Deletion Vulnerability
An Arbitrary File Deletion vulnerability has been discovered in Qihoo 360 by FortiGuard Labs. This vulnerability exists in its disinfection mechanism because the vulnerable application fails to verify if the target file is a symbolic link before deleting it. It could allow malicious users to delete any existing file on the system.
The vendor has not provided any solution for it.
Fortinet reported the vulnerability to Qihoo on August 30, 2020.
Qihoo received the vulnerability report, but didn't provide any update even if Fortinet sent inquiries more than 3 times.
This vulnerability was discovered by Ben Hunter of Fortinet's FortiGuard Labs.