Insecure DLL loading in Comodo Internet Security



Published: 2019-11-21
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-18215
CWE-ID CWE-427
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Comodo Internet Security
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Comodo Group

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Insecure DLL loading

EUVDB-ID: #VU22895

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-18215

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a DLL Preloading vulnerability in signmgr.dll 6.5.0.819. A remote administrator can place a specially crafted iLog.dll file in a partially unprotected product directory, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Comodo Internet Security: 12.0


CPE2.3 External links

http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html
http://safebreach.com/blog
http://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###