are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. This results in CmdVirth.exe and its child svchost.exe instances to terminate.Ĭomodo Antivirus versions up to 12. A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". This section object is exposed by CmdAgent and contains a SharedMemoryDictionary object, which allows a low privileged process to modify the object data causing CmdAgent.exe to crash.Ĭomodo Antivirus versions up to 12. and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "_CisSharedMemBuff". The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.Ĭomodo Antivirus versions 12. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. Once this occurs, a specially crafted message can be sent to "cmdServicePort" using "FilterSendMessage" API. A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdServicePort". and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.Ĭomodo Antivirus versions 11. has a quarantine flaw that allows privilege escalation.
0 Comments
This data is stored until you revoke your consent, and is intended for use by Bandai Namco's services responsible for customer relationship management. Such data processing is carried out only with your consent. In accordance with Regulation 2016/679 of 27 April 2016, your full name and email address will be used by Bandai Namco for the purpose of providing you with a newsletter and information about Bandai Namco's activities. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |