CVE-2019-3972

Name of the Vulnerable Software and Affected Versions Comodo Antivirus versions 12.0.0.6810 and below

Description The issue affects the CmdAgent.exe component through an unprotected section object, allowing a low-privileged process to modify the object data and cause the application to crash. This can be achieved by accessing the <GUID> CisSharedMemBuff section object exposed by CmdAgent, which contains a SharedMemoryDictionary object.

Recommendations For Comodo Antivirus versions 12.0.0.6810 and below, consider restricting access to the SharedMemoryDictionary object within the <GUID> CisSharedMemBuff section to prevent low-privileged processes from modifying its data. As a temporary workaround, limiting interactions with the CmdAgent.exe component may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.