Multiple Vulnerabilities Discovered In Comodo Antivirus – Patch Pending!

  • 3

Researchers from Tenable have discovered numerous security vulnerabilities in Comodo Antivirus. For now, the users of this antivirus need to remain cautious as the vendors are yet to roll-out fixes.

Local Privilege Escalation Flaw

A key vulnerability affecting Comodo Antivirus relates to a local privilege escalation flaw in Cmdagent.exe file. As stated in Tenable’s advisory, the vulnerability could let an attacker bypass legitimate signing check. This allows the attacker to elevate local privileges.

A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges.

Tenable marked this vulnerability CVE-2019-3969 as a high severity flaw that earned a CVSS v3.0 base score of 7.8.

The researcher David Wells, in a separate blog post, described this vulnerability as a sandbox as well as an LPE flaw. He also shared the proof of concept for the exploit alongside its demonstration in the following video.

Other Comodo Antivirus Bugs

Apart from the above vulnerability, Tenable also found four other bugs affecting the software. These include an arbitrary file write vulnerability (CVE-2019-3970), a denial of service bug (CVE-2019-3971), an out-of-bounds read flaw (CVE-2019-3972), and an out-of-bounds write flaw (CVE-2019-3973).

Patches Yet To Arrive

Tenable, upon discovering the vulnerabilities, disclosed the flaws to Comodo in April this year. Nonetheless, until the time of disclosure, the vendors couldn’t patch the flaws.

However, in an email to Infosecurity, Comodo assured to roll-out the patches in the coming days.

There have been no reported incidents exploiting any of these vulnerabilities and no customers reporting related issues to us. The Comodo product team has been working diligently to resolve all vulnerabilities and all fixes will be released by Monday, July 29.

Hence, Comodo users must ensure updating their devices as soon as the fixes roll-out to stay protected.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!