Security researcher Marcus Hutchins has disclosed a previously unknown zero-day vulnerability affecting Comodo Internet Security. According to the researcher, attackers can exploit the flaw remotely to crash vulnerable Windows systems.
The vulnerability, known as “ComoDoS,” affects Comodo’s Inspect.sys firewall driver. Specifically, attackers can trigger the flaw by sending a specially crafted IPv6 packet to a target system. As a result, the system crashes and enters a denial-of-service (DoS) state without requiring any user interaction.
According to the disclosure, the issue stems from improper handling of IPv6 extension headers within the firewall driver. Furthermore, researchers found that a single malformed packet can trigger the vulnerability. Consequently, organizations running exposed or internet-facing systems may face a higher risk of disruption.
At the time of disclosure, Comodo had not released an official patch. In addition, reports indicated that multiple attempts to notify the vendor had gone unanswered. Meanwhile, researchers published proof-of-concept (PoC) code and technical details, increasing the likelihood of exploitation by threat actors.
Although the vulnerability does not currently enable remote code execution, it still poses a significant risk. For example, attackers could repeatedly exploit the flaw to disrupt services, reduce system availability, and cause operational downtime. Therefore, organizations should take preventive measures while waiting for an official fix.
To reduce risk, security teams should:
- Monitor vendor advisories for updates and patches.
- Restrict unnecessary IPv6 exposure where possible.
- Review network logs for suspicious traffic patterns.
- Identify systems running vulnerable Comodo software.
- Strengthen network monitoring to detect potential exploitation attempts.
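For the log-review and monitoring items above, an added example (not code from the disclosure, the researcher's PoC, or Comodo): a checker that walks the extension header chain of a raw IPv6 packet, such as bytes pulled from a capture, and reports structural problems. The article does not say which malformation triggers the crash, so this flags general RFC 8200 violations only; `check_ext_headers` and `sample_packet` are hypothetical names, and the sample packets are constructed.

```python
import struct

# Extension header types (RFC 8200) that this walker understands.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}
IPV6_HEADER_LEN = 40


def check_ext_headers(packet: bytes) -> list[str]:
    """Return structural problems in an IPv6 packet's extension header chain."""
    if len(packet) < IPV6_HEADER_LEN or packet[0] >> 4 != 6:
        return ["not a complete IPv6 header"]
    payload_len, next_hdr = struct.unpack_from("!HB", packet, 4)
    findings, end = [], IPV6_HEADER_LEN + payload_len
    if end > len(packet):
        findings.append("payload length exceeds captured bytes")
        end = len(packet)
    offset, seen = IPV6_HEADER_LEN, []
    while next_hdr in EXT_HEADERS:
        if offset + 8 > end:
            findings.append(f"header type {next_hdr} truncated at offset {offset}")
            break
        # Fragment is fixed at 8 bytes; others count 8-octet units beyond the first 8.
        size = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + size > end:
            findings.append(f"header type {next_hdr} length {size} overruns payload")
            break
        if next_hdr == HOP_BY_HOP and seen:
            findings.append("Hop-by-Hop header is not first in the chain")
        if seen.count(next_hdr) >= (2 if next_hdr == DEST_OPTS else 1):
            findings.append(f"header type {next_hdr} repeated")
        seen.append(next_hdr)
        next_hdr, offset = packet[offset], offset + size
    return findings


def sample_packet(next_hdr: int, payload: bytes) -> bytes:
    """Constructed test input: IPv6 header with documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + src + dst + payload


if __name__ == "__main__":
    pad = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling the header to 8 bytes
    ok = sample_packet(HOP_BY_HOP, bytes([59, 0]) + pad)  # one valid header
    misordered = sample_packet(DEST_OPTS, bytes([0, 0]) + pad + bytes([59, 0]) + pad)
    for name, pkt in (("ok", ok), ("misordered", misordered)):
        print(name, check_ext_headers(pkt))
```

Jumbograms and AH/ESP headers are outside what this checker walks; a clean result means only that the chain it could parse is structurally consistent.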
Ultimately, this disclosure highlights the risks associated with security software vulnerabilities. While security tools help protect systems, flaws within those products can also create new attack opportunities if left unpatched.
Key Takeaways
- A zero-day vulnerability named ComoDoS affects Comodo Internet Security.
- The flaw exists in the Inspect.sys firewall driver.
- Attackers can remotely crash Windows systems using a crafted IPv6 packet.
- Researchers have released public proof-of-concept code.
- No official patch was available at the time of disclosure.
Source: Cyber Security News – Comodo Internet Security 0-Day Vulnerability Lets Attacker Crash the User’s Windows System
