Comodo Internet Security
Monthly
Remote denial of service in Comodo Internet Security's Inspect.sys firewall driver lets an unauthenticated attacker crash any Windows host running the product by sending a single crafted IPv6 packet, even when all ports are blocked at the firewall. The flaw is an integer underflow (CWE-191) in IPv6 extension-header parsing that occurs before firewall rule enforcement, producing an out-of-bounds read and an oversized memcpy at DISPATCH_LEVEL and an immediate BSOD. Publicly available exploit code exists, published alongside MalwareTech's technical writeup and a working PoC named ComoDoS.
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Remote denial of service in Comodo Internet Security's Inspect.sys firewall driver lets an unauthenticated attacker crash any Windows host running the product by sending a single crafted IPv6 packet, even when all ports are blocked at the firewall. The flaw is an integer underflow (CWE-191) in IPv6 extension-header parsing that occurs before firewall rule enforcement, producing an out-of-bounds read and an oversized memcpy at DISPATCH_LEVEL and an immediate BSOD. Publicly available exploit code exists, published alongside MalwareTech's technical writeup and a working PoC named ComoDoS.
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.