Vulnerability identifier: #VU22895
Vulnerability risk: Medium
CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-427
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Comodo Internet Security
Client/Desktop applications /
Antivirus software/Personal firewalls
Vendor: Comodo Group
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a DLL Preloading vulnerability in signmgr.dll 6.5.0.819. A remote administrator can place a specially crafted iLog.dll file in a partially unprotected product directory, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Comodo Internet Security: 12.0
External links
http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html
http://safebreach.com/blog
http://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.