CVE-2019-18215
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.
Se detectó un problema en la biblioteca signmgr.dll versión 6.5.0.819 en Comodo Internet Security versiones hasta 12.0. Una vulnerabilidad de Precarga de DLL permite a un atacante implantar una DLL sin firmar llamada iLog.dll en un directorio de productos parcialmente desprotegido. Esta DLL es luego cargada en un servicio muy privilegio antes de que se cargue la lógica de comprobación de firma binaria, y puede omitir algunos de los mecanismos de autodefensa.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-20 CVE Reserved
- 2019-11-18 CVE Published
- 2023-09-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://safebreach.com/blog | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 | 2024-08-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Comodo Search vendor "Comodo" | Comodo Internet Security Search vendor "Comodo" for product "Comodo Internet Security" | < 12.1.0.6914 Search vendor "Comodo" for product "Comodo Internet Security" and version " < 12.1.0.6914" | - |
Affected
| ||||||