Comodo Internet Security Premium
cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*
- 12.3.4.8162
A critical vulnerability exists in Comodo Internet Security Premium version 12.3.4.8162, specifically within the Update Handler component. This vulnerability arises from improper validation of SSL certificates, enabling remote attackers to redirect update traffic to untrusted servers. The issue was disclosed on July 5, 2025, after the vendor was contacted but did not respond.
Because the Update Handler does not validate certificates properly, an attacker could redirect update traffic to a malicious server. This could lead to the installation of unauthorized updates, potentially allowing remote code execution with SYSTEM privileges, according to the vulnerability disclosure.
To reproduce this vulnerability, set up a fake update server that the victim machine can connect to. This involves generating a local SSL certificate, configuring an Apache server to use this certificate, and then performing a DNS spoofing attack to redirect traffic from the legitimate Comodo update server to the fake one. Once the update traffic is redirected, the victim machine can be tricked into downloading and installing a malicious update.