Comodo DLL injection via weak hash function exploitation Vulnerability

Credit: Matousec
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hello,

We would like to inform you about a vulnerability in Comodo Firewall Pro.

Description:

Comodo Firewall Pro (formerly Comodo Personal Firewall) implements a component control, which is based on a checksum comparison of process modules. Probably to achieve better performance, cyclic redundancy check (CRC32) is used as the checksum function in its implementation. However, CRC32 was developed for error detection purposes and cannot be used as a reliable cryptographic hashing function because it is possible to generate collisions in real time. The character of CRC32 allows an attacker to construct a malicious module with the same CRC32 checksum as a chosen trusted module in the target system and thus bypass the protection of the component control.

Vulnerable software:

* Comodo Firewall Pro
* Comodo Firewall Pro
* Comodo Personal Firewall
* probably all older versions of Comodo Personal Firewall 2
* possibly older versions of Comodo Personal Firewall

More details and a proof of concept including its source code are available here: sh-function-exploitation.php

Regards,

--
Matousec - Transparent security Research
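The property behind the advisory, shown from the defender's side as an added example (not Matousec's proof of concept and not Comodo's code): CRC32 is affine over GF(2), so the checksum of a combination of inputs is predictable from their individual checksums, while SHA-256 has no such structure. The function names, the `module_trusted` allowlist check and the sample byte strings are constructed for illustration.

```python
import hashlib
import zlib

# Constructed, equal-length stand-ins for module contents (not real DLLs).
MOD_A = b"constructed-module-A"
MOD_B = b"constructed-module-B"
MOD_C = b"constructed-module-C"


def xor_bytes(*parts: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(parts[0]))
    for part in parts:
        if len(part) != len(out):
            raise ValueError("inputs must have equal length")
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs, crc(a^b^c) == crc(a)^crc(b)^crc(c).

    The fixed init/final-XOR terms cancel across three inputs, leaving a
    purely linear map. An output that is a linear function of the input
    bits can be solved for, which is why a CRC match proves nothing about
    a module being unmodified.
    """
    combined = zlib.crc32(xor_bytes(a, b, c))
    return combined == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def sha256_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """Same relation tested on SHA-256 digests; it does not hold."""
    digest = lambda m: hashlib.sha256(m).digest()
    return digest(xor_bytes(a, b, c)) == xor_bytes(digest(a), digest(b), digest(c))


def module_trusted(module: bytes, allowlist: set) -> bool:
    """Hypothetical component check keyed on SHA-256 instead of CRC32."""
    return hashlib.sha256(module).hexdigest() in allowlist


if __name__ == "__main__":
    print("CRC32 affine:  ", crc32_is_affine(MOD_A, MOD_B, MOD_C))
    print("SHA-256 affine:", sha256_is_affine(MOD_A, MOD_B, MOD_C))
    allow = {hashlib.sha256(MOD_A).hexdigest()}
    print("A trusted:", module_trusted(MOD_A, allow))
    print("B trusted:", module_trusted(MOD_B, allow))
```

A component allowlist keyed on a 32-bit linear checksum can only detect accidental corruption; keying it on a cryptographic digest, as `module_trusted` does, is the corrected design.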
