The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced.
Four of the vulnerabilities affect were version 188.8.131.5210 and one the version 184.108.40.20682.
The most severe flaw, tracked as CVE=2019-3969, could be exploited by an attacker with access to the target system to escape the Comodo Antivirus sandbox and escalate privileges to SYSTEM.
“An attacker can bypass this
Another vulnerability, tracked as, CVE-2019-3970, is an arbitrary file write issue that could be’ exploited by an attacker to modify malware definitions and evade detection.
The remaining issue could be exploited by an attacker with access to the target system to trigger a
Wells published technical details for the sandbox escape/privilege escalation vulnerability in a post published on Medium.
Wells also published a Proof-of-concept exploit code on GitHub and a video PoC for the flaw.
Tenable reported the flaws to Comodo in April, but at the time of writing the vendor has yet to address them.
“At the time of this disclosure, we are not aware of any patches released by Comodo that address these vulnerabilities. We recommend to keep updated on future Comodo Antivirus releases.” concludes Tenable.
Below the timeline for the flaw: