Insecure DLL loading in Comodo Internet Security
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-18215 |
| CWE-ID | CWE-427 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Comodo Internet Security Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Comodo Group |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Insecure DLL loading
EUVDB-ID: #VU22895
Risk: Medium
CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-18215
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a DLL Preloading vulnerability in signmgr.dll 6.5.0.819. A remote administrator can place a specially crafted iLog.dll file in a partially unprotected product directory, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsComodo Internet Security: 12.0
CPE2.3
- cpe:2.3:a:comodo_group:comodo_internet_security:*:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html
http://safebreach.com/blog
http://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
