Comodo Internet Security EUVD-2026-34990

CVE-2026-49494 · HIGH · Integer Underflow (CWE-191)
2026-06-07 · VulnCheck · GHSA-87cf-mxjw-fmjh
8.7 (CVSS 4.0 · NVD)

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

The vector string is the NVD one listed under "Severity by source"; its base metrics are:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X (not defined)

Lifecycle Timeline (6 events)

  • Jun 07, 2026 13:28, vuln.today: Analysis Updated, v3 (cvss_changed)
  • Jun 07, 2026 13:28, vuln.today: Analysis Updated, v2 (cvss_changed)
  • Jun 07, 2026 13:22, vuln.today: Re-analysis Queued (cvss_changed)
  • Jun 07, 2026 13:22, NVD: CVSS changed, 7.5 (HIGH) to 8.7 (HIGH)
  • Jun 07, 2026 12:43, vuln.today: Analysis Generated
  • Jun 07, 2026 12:08, nvd: CVE Published, HIGH 7.5

Description (CVE.org)

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header without validating it, so a packet whose declared payload length is smaller than the sum of its extension-header lengths underflows the value to a near-maximal 64-bit integer. Because IPv6 parsing occurs before firewall rule enforcement, a remote, unauthenticated attacker can send a single crafted IPv6 packet - even to a host with all ports blocked - to trigger an out-of-bounds read (and, on a separate code path, an oversized memcpy) in the Windows kernel at DISPATCH_LEVEL, crashing the system (BSOD).
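As an added illustration (not code from Comodo, the advisory or the CVE record), the guarded walk below shows the check an IPv6 extension-header parser needs before each subtraction from the declared payload length, next to the unguarded arithmetic that wraps; the packet builder, its field values and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Next-header values handled here: the extension headers with the RFC 8200
 * generic layout (Hdr Ext Len in 8-octet units, not counting the first 8)
 * plus the fixed 8-octet Fragment header. Anything else ends the chain. */
enum { NH_HOPOPT = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };

static int is_ext_header(uint8_t nh) {
    return nh == NH_HOPOPT || nh == NH_ROUTING || nh == NH_FRAGMENT || nh == NH_DSTOPTS;
}

/* The unguarded step the advisory describes: subtract a header's size from the
 * declared length with no comparison first. In uint64_t, 4 - 8 wraps to
 * 0xFFFFFFFFFFFFFFFC, which then acts as a near-maximal bound. */
uint64_t unchecked_subtract(uint64_t remaining, uint64_t hlen) {
    return remaining - hlen;
}

/* Hardened walk. Returns the upper-layer length still covered by Payload
 * Length, or -1 if the declared length cannot cover the headers present.
 * The invariant remaining <= pkt_len - off keeps every read in bounds. */
long ipv6_walk_ext_headers(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 40 || (pkt[0] >> 4) != 6) return -1;
    uint64_t remaining = ((uint64_t)pkt[4] << 8) | pkt[5];   /* Payload Length */
    if (remaining > pkt_len - 40) return -1;   /* declares more than we hold */
    uint8_t nh = pkt[6];                       /* Next Header */
    size_t off = 40;
    while (is_ext_header(nh)) {
        if (remaining < 8) return -1;          /* every header needs 8 octets */
        uint64_t hlen = (nh == NH_FRAGMENT) ? 8 : ((uint64_t)pkt[off + 1] + 1) * 8;
        if (hlen > remaining) return -1;       /* the check that prevents the underflow */
        remaining -= hlen;
        nh = pkt[off];
        off += hlen;
    }
    return (long)remaining;
}

/* Constructed sample, not a capture: 40-octet fixed header plus one Hop-by-Hop
 * header whose Next Header is 59 (No Next Header). declared goes into Payload
 * Length, ext_units into Hdr Ext Len; the buffer is always 48 octets. */
size_t build_sample(uint8_t *buf, uint16_t declared, uint8_t ext_units) {
    memset(buf, 0, 48);
    buf[0] = 0x60;                     /* version 6 */
    buf[4] = (uint8_t)(declared >> 8);
    buf[5] = (uint8_t)(declared & 0xff);
    buf[6] = NH_HOPOPT;
    buf[40] = 59;                      /* No Next Header */
    buf[41] = ext_units;
    return 48;
}
```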

Analysis (AI)

Remote denial of service in Comodo Internet Security's Inspect.sys firewall driver lets an unauthenticated attacker crash any Windows host running the product by sending a single crafted IPv6 packet, even when all ports are blocked at the firewall. The flaw is an integer underflow (CWE-191) in IPv6 extension-header parsing that occurs before firewall rule enforcement, producing an out-of-bounds read and an oversized memcpy at DISPATCH_LEVEL and an immediate BSOD. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:
  • Recon: Identify reachable Windows host running Comodo Internet Security
  • Delivery: Craft IPv6 packet with undersized payload length and extension headers
  • Exploit: Send single packet to target IPv6 address
  • Install: Inspect.sys parses headers pre-firewall
  • C2: Unsigned 64-bit length underflows during extension-header subtraction
  • Execute: Out-of-bounds read/oversized memcpy faults at DISPATCH_LEVEL
  • Impact: Host bugchecks to BSOD (denial of service)

Vulnerability Assessment (AI)

Exploitation: The target must be a Windows host running Comodo Internet Security with the Inspect.sys firewall driver active and processing IPv6, and the attacker must be able to deliver a single IPv6 packet to the host's network stack. No authentication, user interaction, open port, or permissive firewall rule is required because parsing occurs before rule enforcement. …

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N with VA:H but VC:N/VI:N is internally consistent with the observed behavior: a remote, unauthenticated, no-interaction trigger that affects availability only (kernel BSOD) with no direct confidentiality or integrity loss. …

Exploit Scenario: An attacker with any network path to a target (same LAN, a hostile Wi-Fi, or a routed IPv6-reachable internet host) sends a single crafted IPv6 packet whose fixed-header payload length is smaller than the total length of its appended extension headers. Inspect.sys parses the packet before consulting firewall rules, the unsigned 64-bit length underflows during extension-header processing, and the subsequent out-of-bounds read (or oversized memcpy) faults at DISPATCH_LEVEL and bugchecks Windows into an immediate BSOD. …

Remediation: No vendor-released patch was identified at time of analysis from the supplied data. There is no Comodo advisory URL or fixed version in the references, so administrators should monitor Comodo's product channels and the VulnCheck advisory (https://www.vulncheck.com/advisories/comodo-internet-security-inspect-sys-ipv6-integer-underflow-remote-denial-of-service) for an updated Inspect.sys build. …

Recommended Action (AI)

Within 24 hours: Identify and inventory all Windows systems running Comodo Internet Security; assess operational criticality and network exposure. …
