Vulnerability identifier: #VU22895

Vulnerability risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-18215

CWE-ID: CWE-427

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Comodo Internet Security
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Comodo Group

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a DLL Preloading vulnerability in signmgr.dll 6.5.0.819. A remote administrator can place a specially crafted iLog.dll file in a partially unprotected product directory, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Comodo Internet Security: 12.0

---

External links
http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html
http://safebreach.com/blog
http://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.