CVE-2019-6440

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

CVE-2019-6440 is a critical vulnerability in Zemana AntiMalware where improper update logic handling allows attackers to execute arbitrary code with SYSTEM privileges. This affects all users running Zemana AntiMalware versions before 3.0.658 Beta. The vulnerability enables complete system compromise through malicious update mechanisms.

💻 Affected Systems

Products:

Zemana AntiMalware

Versions: All versions before 3.0.658 Beta

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the automatic update functionality which is typically enabled by default. All Windows versions supported by Zemana AntiMalware are affected.

📦 What is this software?

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

Antimalware by Zemana

View all CVEs affecting Antimalware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with SYSTEM privileges, allowing installation of persistent malware, data theft, ransomware deployment, and complete control over the affected system.

🟠

Likely Case

Remote code execution leading to malware installation, credential theft, and lateral movement within the network.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege principles, and security monitoring are in place to detect and contain exploitation attempts.

🌐 Internet-Facing: HIGH - The update mechanism typically communicates with external servers, making internet-facing systems particularly vulnerable to man-in-the-middle attacks or compromised update servers.

🏢 Internal Only: HIGH - Even internal systems are vulnerable if attackers gain network access or if update servers are compromised internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires network access to intercept or manipulate update traffic. Exploitation is straightforward once an attacker can control the update process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.658 Beta and later

Vendor Advisory: https://www.zemana.com/whats-new?ProductID=2

Restart Required: Yes

Instructions:

1. Open Zemana AntiMalware. 2. Navigate to Settings > Update. 3. Click 'Check for Updates'. 4. Install version 3.0.658 Beta or later. 5. Restart the system to ensure all components are updated.

🔧 Temporary Workarounds

Disable Automatic Updates

windows

Prevent the vulnerable update mechanism from running automatically

Open Zemana AntiMalware > Settings > Update > Uncheck 'Automatically check for updates'

Network Segmentation

all

Block Zemana update servers at network perimeter

Add firewall rules to block outbound connections to Zemana update domains and IPs

🧯 If You Can't Patch

Uninstall Zemana AntiMalware and replace with alternative security software
Implement strict network controls to prevent outbound connections to Zemana update servers

🔍 How to Verify

Check if Vulnerable:

Check Zemana AntiMalware version in the application interface or via 'About' section. Versions below 3.0.658 are vulnerable.

Check Version:

Check application GUI or registry at HKEY_LOCAL_MACHINE\SOFTWARE\Zemana\AntiMalware for version information

Verify Fix Applied:

Confirm version is 3.0.658 Beta or higher in the application interface and verify update functionality works without errors.

📡 Detection & Monitoring

Log Indicators:

Unusual update activity from Zemana processes
Failed update attempts with unusual sources
Process creation from Zemana update components

Network Indicators:

Unusual connections to non-Zemana domains from Zemana processes
Update traffic from unexpected IP addresses
SSL/TLS certificate anomalies in update communications

SIEM Query:

Process creation where parent_process contains 'zemana' AND (process contains 'powershell' OR process contains 'cmd' OR process contains 'wscript')

📊 Metadata

CVE ID: CVE-2019-6440

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-19

Published: January 16, 2019

Last Updated: November 21, 2024

🔗 References

https://www.zemana.com/whats-new?ProductID=2 Release Notes,Vendor Advisory
https://www.zemana.com/whats-new?ProductID=2 Release Notes,Vendor Advisory