CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18215
https://notcve.org/view.php?id=CVE-2019-18215
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms. Se detectó un problema en la biblioteca signmgr.dll versión 6.5.0.819 en Comodo Internet Security versiones hasta 12.0. Una vulnerabilidad de Precarga de DLL permite a un atacante implantar una DLL sin firmar llamada iLog.dll en un directorio de productos parcialmente desprotegido. • https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 https://safebreach.com/blog • CWE-427: Uncontrolled Search Path Element •
CVSS: 1.9EPSS: 0%CPEs: 36EXPL: 0CVE-2011-5118
https://notcve.org/view.php?id=CVE-2011-5118
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. Múltiples condiciones de carrera (race conditions) en Comodo Internet Security anterior a 5.8.213334.2131 permite a usuarios locales saltarse la característica Defense+ a través de vectores no especificados. • http://personalfirewall.comodo.com/release_notes.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 40EXPL: 1CVE-2012-2273
https://notcve.org/view.php?id=CVE-2012-2273
Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. Comodo Internet Security antes de v5.10.228257.2253 en Windows 7 para la plataforma x64 permite a usuarios locales provocar una denegación de servicio (por caída del sistema) a través de un fichero Portable Executable (PE) de 32-bits específicamente modificado para este fin con el valor 'kernel' en ImageBase. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0139.html http://secunia.com/advisories/48928 http://www.comodo.com/home/download/release-notes.php?p=anti-malware http://www.securityfocus.com/bid/53163 http://www.securitytracker.com/id?1026982 • CWE-94: Improper Control of Generation of Code ('Code Injection') •