Comodo Internet Security Premium
cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*
- 12.3.4.8162
A critical path traversal vulnerability has been identified in Comodo Internet Security Premium version 12.3.4.8162. The issue arises in the File Name Handler component, where the application improperly validates the 'name' or 'folder' argument. This flaw allows for arbitrary file writes, as the application uses the unvalidated input to determine download file names, potentially leading to the execution of malicious files with SYSTEM privileges.
Exploitation of this vulnerability allows for arbitrary file writes, which can be used to deliver persistent malware. After a system reboot, the malware can execute, providing remote control over the affected machine. Although the malicious file runs under Comodo's isolation, it can use post-exploitation techniques to bypass User Account Control and gain SYSTEM privileges, allowing access to sensitive system credentials.
The vulnerability can be reproduced by crafting a path traversal payload that exploits the improper validation of the 'name' or 'folder' argument in the File Name Handler component. This payload can be included in a manifest file, which, when processed by Comodo Internet Security, will write a malicious file into the startup folder. Once the victim reboots their machine, the malware will execute, establishing a remote connection back to the attacker.
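The missing validation described above, as an added defensive example (not Comodo's code): a check that an updater could apply to untrusted 'folder' and 'name' values before writing a download. The function names, the manifest field semantics and the BASE directory are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed download root for the example (hypothetical path).
BASE = r"C:\ProgramData\ExampleAV\Downloads"


class UnsafePathError(ValueError):
    """Raised when a manifest entry would resolve outside the download root."""


def resolve_download_path(base_dir, folder, name):
    """Return the normalised target path or raise UnsafePathError.

    base_dir is trusted; folder and name are untrusted manifest values.
    """
    # 'name' must be a bare file name: no separators, no drive/ADS colon,
    # no NUL, no dot entries, no trailing dot or space (Windows strips those).
    if (not name or name in (".", "..") or name[-1] in ". "
            or any(c in name for c in '\\/:\x00')):
        raise UnsafePathError(f"rejected name: {name!r}")

    # 'folder' must be relative: no drive letter, UNC or rooted prefix.
    folder = folder.replace("/", "\\")
    if ":" in folder or "\x00" in folder or folder.startswith("\\"):
        raise UnsafePathError(f"rejected folder: {folder!r}")

    base = ntpath.normpath(base_dir)
    # normpath collapses '..' segments, so the check below sees the final path.
    target = ntpath.normpath(ntpath.join(base, folder, name))

    # Containment check on the normalised result, case-insensitive as on NTFS.
    common = ntpath.commonpath([base, target])
    if ntpath.normcase(common) != ntpath.normcase(base):
        raise UnsafePathError(f"escapes download root: {target!r}")
    return target


def is_safe(base_dir, folder, name):
    """Boolean wrapper, convenient for logging rejected manifest entries."""
    try:
        resolve_download_path(base_dir, folder, name)
        return True
    except UnsafePathError:
        return False
```

This is a string-level check only; a real implementation would also have to account for junctions and symbolic links under the download root, for example by comparing the final path of the opened handle.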