Comodo Internet Security Premium OS Command Injection Vulnerability

A critical OS command injection vulnerability has been identified in Comodo Internet Security Premium version 12.3.4.8162. The issue arises in the Manifest File Handler component, specifically within the 'cis_update_x64.xml' file. The vulnerability allows remote execution of commands with SYSTEM privileges by manipulating the 'binary/' and 'params' sections of the update file. This exploitation bypasses Comodo's security measures, as the commands are executed filelessly, providing the attacker with control over the victim's machine.

Impact

Exploitation of this vulnerability allows for unauthorized OS command execution with SYSTEM privileges on the affected machine.

Reproduction

To reproduce this vulnerability, an attacker must first set up a fake update server that the victim's Comodo Internet Security can connect to. This involves generating a self-signed SSL certificate, configuring an Apache server to use this certificate, and then redirecting DNS queries from the victim machine to the attacker's server. Once the update traffic is redirected, the attacker can inject malicious commands that will be executed on the victim's system with elevated privileges.