CVE-2026-12214
Received Received - Intake
Qihoo 360 Total Security Protection Bypass via Nucleus Engine

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: VulDB

Description
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-15
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-12214
EUVD
EUVD-2026-36688
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qihoo 360_total_security 6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Exploiting this vulnerability can lead to a failure of protection mechanisms within the affected software, potentially allowing an attacker with local access to compromise the system's security.

Given the high CVSS scores (7.1 to 7.8), the impact includes high confidentiality, integrity, and availability risks, meaning sensitive data could be exposed or altered, and system functionality could be disrupted.

Compliance Impact

This vulnerability allows attackers to bypass security mechanisms in Qihoo 360 Total Security's Nucleus Engine, enabling unauthorized creation or modification of scheduled tasks without detection.

Such unauthorized access and potential system compromise can lead to breaches of confidentiality, integrity, and availability of sensitive data.

Consequently, organizations using affected versions may face challenges in maintaining compliance with standards like GDPR and HIPAA, which require robust access controls and monitoring to protect personal and sensitive information.

Detection Guidance

This vulnerability can be detected by monitoring RPC bindings, specifically checking if the NetworkAddr parameter in RpcStringBindingComposeW is set to NULL or "0" instead of "localhost". Since the Nucleus Engine fails to detect these cases, detection involves inspecting RPC client implementations and scheduled task creation attempts that use these bypass values.

Suggested detection methods include enhancing RPC binding monitoring to treat NULL, "0", and "localhost" as equivalent, and implementing deep inspection of RPC payloads related to Task Scheduler operations.

While no specific commands are provided in the resources, system administrators can use tools like Windows PowerShell or Sysinternals Process Monitor to trace RPC calls and scheduled task creation events, focusing on RPC bindings with NetworkAddr set to NULL or "0".

Mitigation Strategies

Immediate mitigation steps include enhancing the monitoring of RPC bindings to treat NULL, "0", and "localhost" as equivalent values to prevent bypassing detection.

Implementing deep inspection of RPC payloads and adding multiple detection layers for Task Scheduler operations can help prevent exploitation.

Since the vulnerability requires local code execution, restricting local access and privileges can reduce the risk of exploitation.

Executive Summary

This vulnerability is a security flaw found in Qihoo 360 Total Security 6.0, specifically in the RpcStringBindingComposeW function of the Nucleus Engine Monitoring Logic component. The flaw occurs when the argument NetworkAddr is manipulated, which leads to a failure in the protection mechanism. The attack exploiting this vulnerability requires local access to the system.

The vulnerability has been publicly disclosed and an exploit is available, meaning attackers can use it to compromise affected systems. The vendor was informed but did not respond.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart