CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.9%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

https://www.tenable.com/security/research/tra-2019-34
https://www.tenable.com/security/research/tra-2019-34

Products affected by CVE-2019-3970

Comodo » Antivirus » Version: 1.0

cpe:2.3:a:comodo:antivirus:1.0
Comodo » Antivirus » Version: 11.0.0.6582

cpe:2.3:a:comodo:antivirus:11.0.0.6582
Comodo » Antivirus » Version: 12.0.0.6810

cpe:2.3:a:comodo:antivirus:12.0.0.6810
Comodo » Antivirus » Version: 2.2

cpe:2.3:a:comodo:antivirus:2.2
Comodo » Antivirus » Version: 8.1

cpe:2.3:a:comodo:antivirus:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-3970

Products

Pricing

Contact Us