SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Comodo Internet Security Vendors:   Comodo Group
Comodo Internet Security PE File Processing Bug Lets Remote and Local Users Deny Service
SecurityTracker Alert ID:  1026982
SecurityTracker URL:  http://securitytracker.com/id/1026982
CVE Reference:   CVE-2012-2273   (Links to External Site)
Updated:  Apr 25 2012
Original Entry Date:  Apr 25 2012
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.9 and prior versions
Description:   A vulnerability was reported in Comodo Internet Security. A remote or local user can cause denial of service conditions.

A remote or local user can create a specially crafted PE file that, when loaded into memory on the target system, will cause the target system to crash.

The vendor was notified on January 5, 2012.

BOClean Anti malware may also be affected.

Ange Albertini reported this vulnerability.

Impact:   A remote or local user can cause the target system to crash when a file is loaded into memory.
Solution:   The vendor has issued a fix (5.10.228257.2253).

The vendor's advisory is available at:

http://www.comodo.com/home/download/release-notes.php?p=anti-malware

Vendor URL:  www.comodo.com/ (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)

[affected software]
Comodo Internet Security, until 5.9

[description]
BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.

such files are very unusual, but work perfectly if the PE contains
relocations, as shown at http://pe.corkami.com#ImageBase and
http://pe.corkami.com#relocations

PoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel
ibkmanual reloccrypt

[author]
Ange Albertini (corkami.com)

[vendor communication]
5th January 2012 - details shared with the vendor
23th January 2012 - patch is planned
12th March 2012 - bug are fixed in 5.10

from http://www.comodo.com/home/download/release-notes.php?p=anti-malware

5.10.228257.2253: 12 March, 2012
 * IMPROVED! Compatibility with other security suites is improved in
Windows 7 x64
 * FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64
 * FIXED! HIPS can leak process handles with a special set of access rights
 * FIXED! Smart scan crashes under certain circumstances

[mitigation]
update to 5.10 or later
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC