Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27944
HistoryApr 22, 2012 - 12:00 a.m.

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)

2012-04-2200:00:00
vulners.com
23
JSON

[affected software]
Comodo Internet Security, until 5.9

[description]
BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.

such files are very unusual, but work perfectly if the PE contains
relocations, as shown at http://pe.corkami.com#ImageBase and
http://pe.corkami.com#relocations

PoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel
ibkmanual reloccrypt

[author]
Ange Albertini (corkami.com)

[vendor communication]
5th January 2012 - details shared with the vendor
23th January 2012 - patch is planned
12th March 2012 - bug are fixed in 5.10

from http://www.comodo.com/home/download/release-notes.php?p=anti-malware

5.10.228257.2253: 12 March, 2012

  • IMPROVED! Compatibility with other security suites is improved in
    Windows 7 x64
  • FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64
  • FIXED! HIPS can leak process handles with a special set of access rights
  • FIXED! Smart scan crashes under certain circumstances

[mitigation]
update to 5.10 or later

JSON