CVE-2019-18215
Severity CVSS v4.0:
Pending analysis
Type:
CWE-427
Uncontrolled Search Path Element
Publication date:
18/11/2019
Last modified:
21/07/2021
Description
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*:* | 12.1.0.6914 (excluding) |
To consult the complete list of CPE names with products and versions, see this page