Comodo Internet Security PE File Processing Bug Lets Remote and Local Users Deny Service
SecurityTracker Alert ID: 1026982|
SecurityTracker URL: http://securitytracker.com/id/1026982
(Links to External Site)
Updated: Apr 25 2012|
Original Entry Date: Apr 25 2012
Denial of service via local system, Denial of service via network|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): 5.9 and prior versions|
A vulnerability was reported in Comodo Internet Security. A remote or local user can cause denial of service conditions.|
A remote or local user can create a specially crafted PE file that, when loaded into memory on the target system, will cause the target system to crash.
The vendor was notified on January 5, 2012.
BOClean Anti malware may also be affected.
Ange Albertini reported this vulnerability.
A remote or local user can cause the target system to crash when a file is loaded into memory.|
The vendor has issued a fix (5.10.228257.2253).|
The vendor's advisory is available at:
Vendor URL: www.comodo.com/ (Links to External Site)
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)|
Comodo Internet Security, until 5.9
BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
such files are very unusual, but work perfectly if the PE contains
relocations, as shown at http://pe.corkami.com#ImageBase and
PoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel
Ange Albertini (corkami.com)
5th January 2012 - details shared with the vendor
23th January 2012 - patch is planned
12th March 2012 - bug are fixed in 5.10
5.10.228257.2253: 12 March, 2012
* IMPROVED! Compatibility with other security suites is improved in
Windows 7 x64
* FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64
* FIXED! HIPS can leak process handles with a special set of access rights
* FIXED! Smart scan crashes under certain circumstances
update to 5.10 or later