CVE-2019-18215

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-427
View all →

Vulnerability Description

An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.

Related Vulnerabilities

CVE-2013-0725

HIGH
CVSS:7.8(High)

ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities

CWE-4272013

CVE-2014-8393

HIGH
CVSS:7.8(High)

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.

CWE-4272014

CVE-2016-5311

HIGH
CVSS:7.8(High)

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Pro...

CWE-4272016

CVE-2016-6592

HIGH
CVSS:7.8(High)

A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the...

CWE-4272016

CVE-2017-1000010

HIGH
CVSS:7.8(High)

Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.

CWE-4272017

CVE-2017-11158

HIGH
CVSS:7.8(High)

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking a...

CWE-4272017