Qihoo 360 Total Security Local Protection Bypass Flaw

CVE-2026-12214 represents a critical protection mechanism failure in Qihoo 360 Total Security version 6.0, specifically within the Nucleus Engine Monitoring Logic's RpcStringBindingComposeW function. By manipulating the NetworkAddr argument, an attacker with local access can bypass built-in security protections, creating a path for privilege escalation or system compromise. This vulnerability is particularly concerning because Qihoo 360 is widely deployed in enterprise and consumer environments across Asia, and the vendor's non-response to early disclosure means patches may be unavailable for extended periods. The public exploit availability significantly elevates risk, as threat actors now have weaponized code ready for immediate deployment.

While this CVE lacks mapped MITRE ATT&CK techniques, Casky's Claude-powered analysis identifies this as a Protection Evasion pattern (ATT&CK T1211) and Privilege Escalation vector (T1134). Security practitioners using Casky would detect suspicious RPC binding composition attempts, local process manipulation targeting the Nucleus monitoring engine, and unexpected argument injection patterns in security software logs. The platform's extended reasoning capabilities would flag anomalous RPC calls with crafted NetworkAddr parameters, network stack manipulation attempts, and authentication bypass indicators. Practitioners would receive findings highlighting risky local execution contexts, defense mechanism disablement events, and process behavior consistent with exploit attempts—enabling proactive threat hunting before full system compromise occurs.