PT-2019-16819 · Comodo · Comodo Antivirus
David Wells
·
Published
2019-07-17
·
Updated
2021-07-21
·
CVE-2019-3970
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Comodo Antivirus versions up to 12.0.0.6810
Description
The issue arises from the handling of Comodo's Antivirus database by Cavwp.exe, which loads the Comodo antivirus definition database into unsecured global section objects. This allows a local low-privileged process to directly modify the data and change virus signatures, resulting in an Arbitrary File Write issue.
Recommendations
For Comodo Antivirus versions up to 12.0.0.6810, consider restricting access to the Cavwp.exe process until a patch is available, or apply configuration changes that secure the handling of the antivirus definition database. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comodo Antivirus