CVE-2019-18215

An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.
Configurations

Configuration 1 (hide)

cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type Values Removed Values Added
References () https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html - Release Notes, Vendor Advisory () https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12106914-released-t124993.0.html - Release Notes, Vendor Advisory
References () https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 - Exploit, Third Party Advisory () https://safebreach.com/Post/Comodo-Internet-Security-DLL-Preloading-and-Potential-Abuses-CVE-2019-18215 - Exploit, Third Party Advisory
References () https://safebreach.com/blog - Third Party Advisory () https://safebreach.com/blog - Third Party Advisory

Information

Published : 2019-11-18 20:15

Updated : 2024-11-21 04:32


NVD link : CVE-2019-18215

Mitre link : CVE-2019-18215

CVE.ORG link : CVE-2019-18215


JSON object : View

Products Affected

comodo

  • comodo_internet_security
CWE
CWE-427

Uncontrolled Search Path Element