2 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms. Se detectó un problema en la biblioteca signmgr.dll versión 6.5.0.819 en Comodo Internet Security versiones hasta 12.0. Una vulnerabilidad de Precarga de DLL permite a un atacante implantar una DLL sin firmar llamada iLog.dll en un directorio de productos parcialmente desprotegido. • https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 https://safebreach.com/blog • CWE-427: Uncontrolled Search Path Element •

CVSS: 4.9EPSS: 0%CPEs: 40EXPL: 1

Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. Comodo Internet Security antes de v5.10.228257.2253 en Windows 7 para la plataforma x64 permite a usuarios locales provocar una denegación de servicio (por caída del sistema) a través de un fichero Portable Executable (PE) de 32-bits específicamente modificado para este fin con el valor 'kernel' en ImageBase. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0139.html http://secunia.com/advisories/48928 http://www.comodo.com/home/download/release-notes.php?p=anti-malware http://www.securityfocus.com/bid/53163 http://www.securitytracker.com/id?1026982 • CWE-94: Improper Control of Generation of Code ('Code Injection') •