CVE-2019-3970

CWE-668Exposure to Wrong SphereCWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 85.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Comodo Antivirus
Timeline
PublishedJul 17
Latest updateFeb 2

Description

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDcomodo/antivirus12.0.0.6810
CVEListV5comodo_antivirusVersions 12.0.0.6810 and below

🔴Vulnerability Details

3
OSV
tiff vulnerabilities2023-02-02
GHSA
GHSA-2275-cfh4-2ph7: Comodo Antivirus versions up to 122022-05-24
CVEList
CVE-2019-3970: Comodo Antivirus versions up to 122019-07-17
CVE-2019-3970 (MEDIUM CVSS 5.5) | Comodo Antivirus versions up to 12. | cvebase.io