PT-2019-16822 · Comodo · Comodo Antivirus
Published: 2019-07-17 · Updated: 2019-07-23
CVE-2019-3973
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Comodo Antivirus versions 11.0.0.6582 and below
Description
The issue allows a low-privileged process to crash CmdVirth.exe, decreasing the connection count of the cmdServicePort. An attacker can then use process hollowing to obtain a handle to cmdServicePort and send a specially crafted message using the FilterSendMessage API. This can trigger an out-of-bounds write if the lpOutBuffer parameter is near the end of the specified buffer bounds, causing a kernel crash due to a memset operation using a size beyond the buffer size.
Recommendations
For Comodo Antivirus versions 11.0.0.6582 and below, consider disabling the CmdGuard.sys driver or restricting access to the cmdServicePort to minimize the risk of exploitation until a patch is available. Avoid using the FilterSendMessage API with the lpOutBuffer parameter near the end of the specified buffer bounds to prevent out-of-bounds writes.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Comodo Antivirus