Researchers discover five vulnerabilities in Comodo Antivirus

• Out of the five vulnerabilities, four flaws were detected in version 12.0.0.6810 and one flaw in version 11.0.0.6582.
• The researcher has reported his findings to Comodo in mid-April, but the vulnerabilities have not been fixed yet.

A security researcher at Tenable, David Wells uncovered five vulnerabilities in Comodo Antivirus and Comodo Antivirus Advanced.

What are the vulnerabilities?

Out of the five vulnerabilities, four flaws were detected in version 12.0.0.6810 and one flaw in version 11.0.0.6582, which is a Denial-of-Service (DoS) bug.

• The first vulnerability tracked as CVE-2019-3969 allows an attacker with access to the targeted system to escape the Comodo Antivirus sandbox and escalate privileges to SYSTEM.
• The second vulnerability tracked as CVE-2019-3970 is an arbitrary file write flaw that allows an attacker to modify virus definitions, leading to the creation of false positives or enabling the malware to bypass signature-based detection.
• The third vulnerability tracked as CVE-2019-3971 is a Denial-OF-Service flaw that triggers an Access Violation due to hardcoded NULLs used for a memcpy source address, causing the application to terminate.
• The other two vulnerabilities could be exploited to cause application components and the kernel to crash.

“A low-privileged process however, can crash CmdVirth.exe to decrease the port's connection count and process hollow a CmdVirth.exe copy with malicious code to obtain a port handle. Once this occurs, a specially crafted message can be sent to cmdServicePort using ‘filtersendmessage’ API, which triggers an out-of-bounds write if lpOutBuffer parameter is near the end of buffer bounds,” Tenable said.

Patch not available

The researcher has reported his findings to Comodo in mid-April, but the vulnerabilities have not been fixed yet.

Comodo is yet to officially comment on the matter. Cyware will update this article if the company releases a statement.