Multiple zero-day vulnerabilities could allow malicious actors to attack Comodo antivirus software and install malware to escalate to the highest privileges, according to Tenable Research.
Though antivirus software is used to protect PCs and other devices from unknown malware and threats, Comodo – which has over 85 million desktop software installations across more than 700,000 business customers – is riddled with vulnerabilities that would ultimately grant an attacker complete control over the machine. Researchers discovered a sandbox escape and a privilege escalation to SYSTEM, according to today’s blog post. An attacker could even disable the antivirus altogether, leaving the device unprotected and vulnerable, researchers explained.
“Comodo uses many IPC mechanisms between its various AV components: Filter Ports, Shared Memory, LPC, and COM,” wrote Tenable’s David Wells.
“We happen to know Comodo has the capability to invoke scan jobs from low-privilege processes such as explorer.exe (via it’s Context Shell Handler – (the menu that appears when user right clicks)) or Cis.exe (Comodo client GUI). These scan jobs are executed by invoking routines in CAVWP.exe which runs as SYSTEM.”
In total, researchers discovered five different vulnerabilities, which are demonstrated in a proof-of-concept video that illustrates the risks.
No tags.
