Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.
References
| Link | Resource |
|---|---|
| https://antivirus.comodo.com/ | Product Vendor Advisory |
| https://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8 | Exploit Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-59 |
28 Jun 2022, 19:08
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
| CPE | cpe:2.3:a:comodo:antivirus:12.2.2.8012:*:*:*:*:*:*:* | |
| CWE | CWE-269 | |
| References | (MISC) https://antivirus.comodo.com/ - Product, Vendor Advisory | |
| References | (MISC) https://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8 - Exploit, Third Party Advisory | |
| First Time |
Comodo
Comodo antivirus |
21 Jun 2022, 15:34
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-06-21 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-34008
Mitre link : CVE-2022-34008
CVE.ORG link : CVE-2022-34008
JSON object : View
Products Affected
comodo
- antivirus
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')