https://www.tenable.com/security/research/tra-2019-34

The version of the Comodo security product installed on the remote Windows host is affected by multiple vulnerabilities:

  - A Local Privilege Escalation due to CmdAgent's handling     of COM clients. A local process can bypass the signature     check enforced by CmdAgent via process hollowing which     can then allow the process to invoke sensitive COM     methods in CmdAgent such as writing to the registry with     SYSTEM privileges.(CVE-2019-3969)

  - An Arbitrary File Write due to Cavwp.exe handling of     Comodo's Antivirus database. Cavwp.exe loads Comodo     antivirus definition database in unsecured global     section objects, allowing a local low privileged process     to modify this data directly and change virus     signatures. (CVE-2019-3970)

  - A local Denial of Service affecting CmdVirth.exe via its     LPC port cmdvrtLPCServerPort. A low privileged local     process can connect to this port and send an     LPC_DATAGRAM, which triggers an Access Violation due to     hardcoded NULLs used for Source parameter in a memcpy     operation that is called for this handler. This results     in CmdVirth.exe and its child svchost.exe instances to     terminate. (CVE-2019-3971)

  - A Denial of Service affecting CmdAgent.exe via an     unprotected section object <GUID>_CisSharedMemBuff. This     section object is exposed by CmdAgent and contains a     SharedMemoryDictionary object, which allows a low     privileged process to modify the object data causing     CmdAgent.exe to crash. (CVE-2019-3972)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

CVE-2019-3972

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins