
Developers have failed to fix vulnerabilities in Comodo Antivirus for three months

Several vulnerabilities were discovered in Comodo Antivirus, one of which may allow an attacker to escape the sandbox and escalate privileges on the system.

The vendor has not bothered to release patches yet.

David Wells, a Tenable specialist, noticed the security problems.

“A couple of months ago, I decided to look at the latest Comodo Antivirus v12.0.0.6810. I ended up finding a few cool things, however one I thought was worth covering here, which is a sandbox escape as well as a privilege escalation to SYSTEM,” said David Wells.

In total, Wells found four vulnerabilities that affect Comodo Antivirus and Comodo Antivirus Advanced version 12.0.0.6810, and another DoS vulnerability that affects only version 11.0.0.6582.

The most dangerous vulnerability is CVE-2019-3969, with a CVSS score of 6.8. This flaw allows an attacker to escape the Comodo Antivirus sandbox and escalate privileges to SYSTEM.

Another flaw, CVE-2019-3970, is a file write problem that allows an attacker to modify the definitions of malicious programs.


An attacker can use this bug to create false detections or to bypass signature detection. The remaining vulnerabilities can crash individual components of the application or the kernel itself.

Wells has published a detailed analysis of the most dangerous vulnerability, which makes it possible to escape the antivirus sandbox.

The expert also published PoC code and a video that demonstrates the vulnerability.

According to Tenable, its employees sent Comodo all the necessary information in mid-April, but the vendor has not released patches yet.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting my master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
