
Comodo Antivirus is affected by several vulnerabilities

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow an attacker to escape the sandbox and escalate privileges.

The Tenable expert David Wells discovered five flaws in Comodo Antivirus and Comodo Antivirus Advanced.

Four of the vulnerabilities affect version 12.0.0.6810 and one affects version 11.0.0.6582.

The most severe flaw, tracked as CVE-2019-3969, could be exploited by an attacker with access to the target system to escape the Comodo Antivirus sandbox and escalate privileges to SYSTEM.

“An attacker can bypass this signing check however by changing the client’s process name within its PEB (Process Environment Block), or process hollowing a Comodo/Microsoft signed process with malicious code. This is because CmdAgent’s signature check uses the filename from EnumProcessModules / GetModuleFilename for the COM Client’s PID. Once passing the trusted binary check, an attacker can obtain an instance of IServiceProvider.” reads the post published by Tenable. “With IServiceProvider, the attacker can then query for an interface to SvcRegKey and perform registry writes through the Out-Of-Proc COM server as ‘NT AUTHORITY\SYSTEM’, allowing local privilege escalation.”

Another vulnerability, tracked as CVE-2019-3970, is an arbitrary file write issue that could be exploited by an attacker to modify malware definitions and evade detection.

The remaining issues could be exploited by an attacker with access to the target system to trigger a DoS condition in the kernel and other components. All the flaws were rated as “medium” or “low” severity.

Wells published technical details for the sandbox escape/privilege escalation vulnerability in a post published on Medium.

Wells also published proof-of-concept exploit code on GitHub and a video PoC for the flaw.

Tenable reported the flaws to Comodo in April, but at the time of writing the vendor has yet to address them.

“At the time of this disclosure, we are not aware of any patches released by Comodo that address these vulnerabilities. We recommend keeping updated on future Comodo Antivirus releases.” concludes Tenable.

Below is the disclosure timeline for the flaws:

  • 04/17/19 – Tenable discloses to Comodo.
  • 04/29/19 – Tenable follows up, asking if vulnerabilities have been confirmed.
  • 05/07/19 – Comodo confirms some vulnerabilities, waiting to confirm others.
  • 05/20/19 – Tenable requests status update.
  • 06/04/19 – Tenable requests status update.
  • 06/04/19 – Comodo provides status update. No planned release date at this time.
  • 06/04/19 – Tenable asks for confirmation of vulnerabilities.
  • 06/07/19 – Comodo explains LPE vulnerability is partially due to Microsoft’s fault.
  • 06/10/19 – Tenable asks what Microsoft’s fault is in this scenario.
  • 06/19/19 – Tenable notifies Comodo that we plan to release CVEs for issues.
  • 07/08/19 – Tenable asks when Comodo expects fixes for disclosed issues.
Pierluigi Paganini

(SecurityAffairs – Comodo, hacking)