Denial of Service Vulnerability in Comodo Antivirus
CVE-2019-3972

5.5MEDIUM

Key Information:

Vendor: Comodo
Status: Comodo Antivirus
Vendor: CVE Published:; 17 July 2019

What is CVE-2019-3972?

Comodo Antivirus versions 12.0.0.6810 and earlier are susceptible to a Denial of Service attack through the CmdAgent.exe process. This vulnerability arises from an unprotected section object, '_CisSharedMemBuff', which is accessible to low-privileged processes. By exploiting this exposure, an attacker could manipulate the SharedMemoryDictionary object, causing CmdAgent.exe to crash and disrupting the functionality of the antivirus software.

Affected Version(s)

Comodo Antivirus Versions 12.0.0.6810 and below

References

https://www.tenable.com/security/research/tra-2019-34

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2019
Vulnerability Reserved
Jan 3, 2019