| tiêu đề | Comodo Security Solutions Comodo Internet Security Premium 12 Path Traversal |
|---|
| Mô tả | Comodo IS uses value in section name as download file name without any sanitize or validation. Threat actor can craft path traversal payload in manifest file, writes malicious file inside startup folder. The threat actor can remotely control the victim's machine after a reboot. Even though untrusted file runs under Comodo isolation, threat actor can use post-exploit modules like bypass UAC to get SYSTEM privilege, and hashdump or mimikatz to gather system's credentials. |
|---|
| Nguồn | ⚠️ https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view?usp=sharing |
|---|
| Người dùng | FPT IS Security (UID 72751) |
|---|
| Đệ trình | 25/06/2025 10:45 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 05/07/2025 17:36 (10 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 315012 [Comodo Internet Security Premium 12.3.4.8162 File Name name/folder duyệt thư mục] |
|---|
| điểm | 20 |
|---|