CVE-2019-6440

CRITICAL

Zemana AntiMalware <3.0.658 Beta - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6440. PoCs published by hexnone.

AI-analyzed exploit summary This repository provides a detailed writeup of CVE-2019-6440, a privilege escalation vulnerability in Zemana Antimalware and Antilogger. The vulnerability allows attackers to gain SYSTEM privileges by intercepting and modifying update requests due to improper signature verification.

Description

Zemana AntiMalware before 3.0.658 Beta mishandles update logic.

Exploits (1)

nomisec WRITEUP
by hexnone · poc
https://github.com/hexnone/CVE-2019-6440

This repository provides a detailed writeup of CVE-2019-6440, a privilege escalation vulnerability in Zemana Antimalware and Antilogger. The vulnerability allows attackers to gain SYSTEM privileges by intercepting and modifying update requests due to improper signature verification.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Zemana Antimalware v.2.74.2.150 & Zemana Antilogger v.2.74.204.150
No auth needed
Prerequisites: Ability to intercept and modify HTTP traffic · Access to the target's network
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.zemana.com/whats-new?ProductID=2

Scores

CVSS v3 9.8
EPSS 0.0302
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-19
Status published
Products (50)
zemana/antimalware 2.1.1.353 beta
zemana/antimalware 2.1.1.543 beta
zemana/antimalware 2.1.1.621 beta
zemana/antimalware 2.1.1.929 beta
zemana/antimalware 2.2.1.105 beta
zemana/antimalware 2.2.1.234 beta
zemana/antimalware 2.2.1.460 beta
zemana/antimalware 2.4.1.100 beta
zemana/antimalware 2.5.1.257 beta
zemana/antimalware 2.5.1.329 beta
... and 40 more
Published Jan 16, 2019
Tracked Since Feb 18, 2026