CVE-2022-34008
https://notcve.org/view.php?id=CVE-2022-34008
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder. Comodo Antivirus versión 12.2.2.8012, presenta un fallo de cuarentena que permite una escalada de privilegios. Para escalar privilegios, un atacante con pocos privilegios puede usar una unión de directorios NTFS para restaurar una DLL maliciosa de la cuarentena a la carpeta System32 • https://antivirus.comodo.com https://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18215
https://notcve.org/view.php?id=CVE-2019-18215
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms. Se detectó un problema en la biblioteca signmgr.dll versión 6.5.0.819 en Comodo Internet Security versiones hasta 12.0. Una vulnerabilidad de Precarga de DLL permite a un atacante implantar una DLL sin firmar llamada iLog.dll en un directorio de productos parcialmente desprotegido. • https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 https://safebreach.com/blog • CWE-427: Uncontrolled Search Path Element •
CVE-2019-14694
https://notcve.org/view.php?id=CVE-2019-14694
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container. Se puede desencadenar un fallo use-after-free en el contenedor sandbox implementado en cmdguard.sys en Comodo Antivirus 12.0.0.6870 debido a una condición de carrera al manejar solicitudes IRP_MJ_CLEANUP en el minifiltro para notificaciones de cambio de directorio. Esto permite que un atacante provoque una denegación de servicio (BSOD) cuando se ejecuta un ejecutable dentro del contenedor. • http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Comodo Antivirus hasta la versión 12.0.0.6870, Comodo Firewall hasta la versión 12.0.0.6870, y Comodo Internet Security Premium hasta la versión 12.0.0.6870, con la característica Comodo Container, son vulnerables a un escape del Sandbox. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •
CVE-2019-3973
https://notcve.org/view.php?id=CVE-2019-3973
Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdServicePort". Once this occurs, a specially crafted message can be sent to "cmdServicePort" using "FilterSendMessage" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash. • https://www.tenable.com/security/research/tra-2019-34 • CWE-787: Out-of-bounds Write •