Comodo Antivirus is released with vulnerabilities

Comodo Antivirus security software contains many vulnerabilities that could put users at risk, according to Tenable Research researchers.

Tenable Research reports that the 12.0.0.6810 version of Comodo Antivirus and Comodo Antivirus Advanced contains multiple vulnerabilities.

Comodo Antivirus

David Wells carried out an in-depth check on these vulnerabilities and in a post to  Medium blog, describes how security gaps could be used to allow a malicious user to escape the sandbox and gain system-level permissions. The researcher also published a PoC.

The first vulnerability, CVE-2019-3969, is a software issue in CmdAgent that allows attackers to bypass legitimate signature checks. Attackers are able to gain rights at the system level.

The second error is CVE-2019-3970, and it seems to be a very serious problem handling the Comodo software database. Tenable says the database can be stored in a protected folder on disk, but it is possible for any process with minimal permissions to modify the files in memory.

Another security gap is CVE-2019-3971, caused by an LCP port, cmdvrtLPCServerPort ..

Another is CVE-2019-3972, and is available at CmdAgent.exe.

The researcher also mentioned CVE-2019-3973, which affects security software only until the 11.0.0.6582 version.

Tenable's findings were reported to Comodo on April 17. By June, some of them had been confirmed, and the LPE error, according to Comodo, was "partly due to a Microsoft error."

We are currently expecting repairs from the security company. If you are using one of the applications mentioned above, it is advisable to use another, reliable one.

_________________

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).