Denial of Service Vulnerability in Comodo Antivirus
CVE-2019-3973
5.5 MEDIUM
What is CVE-2019-3973?
Comodo Antivirus versions 11.0.0.6582 and earlier are affected by a Denial of Service vulnerability through CmdGuard.sys. The vulnerability allows a low-privileged process to exploit cmdServicePort. The process can crash CmdVirth.exe, which decreases the connection count for the port. By hollowing out a CmdVirth.exe instance with malicious code and sending a specially crafted message via the FilterSendMessage API, the process can trigger an out-of-bounds write caused by improper handling of buffer sizes during a memset operation, resulting in a kernel crash.
Affected Version(s)
Comodo Antivirus Versions 11.0.0.6582 and below