Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
1e86af280c77354ea561913520978f4b427cfd15a034c0157c849df03bb3da47[affected software]
Comodo Internet Security, until 5.9
[description]
BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
such files are very unusual, but work perfectly if the PE contains
relocations, as shown at http://pe.corkami.com#ImageBase and
http://pe.corkami.com#relocations
PoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel
ibkmanual reloccrypt
[author]
Ange Albertini (corkami.com)
[vendor communication]
5th January 2012 - details shared with the vendor
23th January 2012 - patch is planned
12th March 2012 - bug are fixed in 5.10
from http://www.comodo.com/home/download/release-notes.php?p=anti-malware
5.10.228257.2253: 12 March, 2012
* IMPROVED! Compatibility with other security suites is improved in
Windows 7 x64
* FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64
* FIXED! HIPS can leak process handles with a special set of access rights
* FIXED! Smart scan crashes under certain circumstances
[mitigation]
update to 5.10 or later
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed