Comodo Internet Security: DoS bug without security update
Anyone who installs an Internet Security Suite wants to secure their computer. In Comodo's case, the suite brings a security vulnerability along with it.
A security vulnerability exists in the firewall driver of Comodo Internet Security 2025 that can cause the software to crash, and attackers can trigger it over the network. An update is not currently in sight, so users would be better off uninstalling the software. Since security vulnerabilities are increasingly given nicknames, this one has received one too: “ComoDoS”.
In a post, the discoverer of the vulnerability, Marcus Hutchins, writes that he was investigating “Bring Your Own Vulnerable Driver” vulnerabilities when he came across it. He used an artificial intelligence that, in his opinion, finds hits surprisingly often in the drivers of IT security software, especially in products such as antivirus and firewalls. Since the AI is already so good at identifying problems that can lead to local privilege escalation, Hutchins also wanted to find out whether interesting security vulnerabilities could be found through manual analysis.
Coincidence in Comodo's Firewall Driver
The firewall driver “inspect.sys” came into the researcher's crosshairs rather by chance: during the investigation, the AI accidentally examined a very old version of this driver. Only the latest driver was supposed to be analysed, but in this case it was a version from 2014. In it he found a number of security vulnerabilities that had already been closed, but also stumbled upon some unfortunate design decisions. Finding errors was therefore very easy; discovering useful, meaning exploitable, vulnerabilities was more difficult. He then found something in the IPv6 code, which he explains in detail in the post.
The vulnerability description itself is somewhat shorter: in the IPv6 packet processing, an integer underflow can occur, even before firewall rules take effect. Attackers can therefore remotely send a manipulated IPv6 packet, without prior authentication, to provoke a read outside the intended memory boundaries, which ultimately leads to a system crash (BSOD). This works even if all ports in the firewall are blocked (CVE-2026-49494, CVSS 7.5, risk “high”).
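To show what “an integer underflow in IPv6 packet processing” means for a packet filter in practice, here is an added illustration in C. It is a constructed, hypothetical extension-header walker, not code from inspect.sys or from Hutchins' post, and it does not reproduce the actual Comodo bug. Its `walk_unsafe` variant trusts the packet's Payload Length field and subtracts each extension header's size with unsigned arithmetic, so a header that claims to be larger than the remaining bytes wraps the counter and the walk continues past the buffer; `walk_safe` validates the field against the real buffer size and checks before subtracting. The sample packets are constructed, and neither function ever dereferences out of bounds: the unsafe variant returns `PARSE_OOB_READ` at the point where a real driver would fault.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40        /* fixed IPv6 header size */
#define NH_HOPOPT    0         /* Hop-by-Hop Options extension header */
#define NH_DSTOPT    60        /* Destination Options extension header */
#define NH_TCP       6         /* upper-layer protocol, ends the walk */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_OOB_READ = 2 };

/* Unsafe pattern (constructed, hypothetical): the only bound on the walk is
 * `remaining`, initialised from the Payload Length field at bytes 4-5 and
 * decremented with unsigned arithmetic. A header whose declared size exceeds
 * `remaining` wraps the counter to a huge value, so the "remaining < 2" check
 * no longer stops the loop. The pkt_len comparison stands in for the crash. */
enum parse_result walk_unsafe(const uint8_t *pkt, size_t pkt_len, size_t *upper_off)
{
    if (pkt_len < IPV6_HDR_LEN) return PARSE_TRUNCATED;
    size_t remaining = ((size_t)pkt[4] << 8) | pkt[5];   /* claimed payload length */
    uint8_t nh = pkt[6];
    size_t off = IPV6_HDR_LEN;
    while (nh == NH_HOPOPT || nh == NH_DSTOPT) {
        if (remaining < 2) return PARSE_TRUNCATED;
        if (off + 2 > pkt_len) return PARSE_OOB_READ;   /* a driver would fault here */
        size_t ext_len = ((size_t)pkt[off + 1] + 1) * 8; /* Hdr Ext Len in 8-octet units */
        remaining -= ext_len;                            /* BUG: underflows if ext_len > remaining */
        nh = pkt[off];
        off += ext_len;
    }
    *upper_off = off;
    return PARSE_OK;
}

/* Hardened variant: the Payload Length field is checked against the bytes that
 * actually arrived, every extension header must fit before it is consumed, and
 * the subtraction happens only after the comparison. */
enum parse_result walk_safe(const uint8_t *pkt, size_t pkt_len, size_t *upper_off)
{
    if (pkt_len < IPV6_HDR_LEN) return PARSE_TRUNCATED;
    size_t claimed = ((size_t)pkt[4] << 8) | pkt[5];
    if (claimed > pkt_len - IPV6_HDR_LEN) return PARSE_TRUNCATED; /* field lies about size */
    size_t remaining = claimed;
    uint8_t nh = pkt[6];
    size_t off = IPV6_HDR_LEN;
    while (nh == NH_HOPOPT || nh == NH_DSTOPT) {
        if (remaining < 8) return PARSE_TRUNCATED;       /* smallest extension header is 8 bytes */
        size_t ext_len = ((size_t)pkt[off + 1] + 1) * 8;
        if (ext_len > remaining) return PARSE_TRUNCATED; /* compare BEFORE subtracting */
        nh = pkt[off];
        remaining -= ext_len;
        off += ext_len;
    }
    *upper_off = off;
    return PARSE_OK;
}

/* Constructed 48-byte sample: fixed header + one 8-byte Hop-by-Hop header.
 * With `malformed` set, the extension header claims 24 bytes and chains to a
 * further Destination Options header that is not present in the buffer. */
size_t build_sample(uint8_t *buf, size_t cap, bool malformed)
{
    const size_t total = IPV6_HDR_LEN + 8;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 0x60;                          /* version 6 */
    buf[4] = 0; buf[5] = 8;                 /* Payload Length = 8 (honest) */
    buf[6] = NH_HOPOPT;                     /* first extension header */
    buf[40] = malformed ? NH_DSTOPT : NH_TCP; /* next header after Hop-by-Hop */
    buf[41] = malformed ? 2 : 0;            /* Hdr Ext Len: 2 -> 24 bytes, 0 -> 8 bytes */
    return total;
}

/* Convenience wrappers so the two parsers can be compared on the same input. */
enum parse_result demo_unsafe(bool malformed)
{
    uint8_t pkt[64]; size_t off = 0;
    size_t len = build_sample(pkt, sizeof pkt, malformed);
    return walk_unsafe(pkt, len, &off);
}

enum parse_result demo_safe(bool malformed)
{
    uint8_t pkt[64]; size_t off = 0;
    size_t len = build_sample(pkt, sizeof pkt, malformed);
    return walk_safe(pkt, len, &off);
}

int main(void)
{
    printf("well-formed: unsafe=%d safe=%d\n", demo_unsafe(false), demo_safe(false));
    printf("malformed:   unsafe=%d safe=%d\n", demo_unsafe(true), demo_safe(true));
    return 0;
}
```

The point to take from the two variants is where the bound comes from: a length field inside the packet is attacker-controlled, so it may only ever narrow what the receive buffer already guarantees, and every subtraction on it needs a comparison first. A filter that runs this parsing before its rule engine, as the article describes, cannot be protected by blocking ports, because the malformed packet is consumed before any rule is consulted.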
Hutchins sent Comodo a complete bug report, a root cause analysis, and even suggestions on how the developers could patch it. Hutchins has also published a proof-of-concept exploit. Only, the manufacturer did not react at first; there was no answer. Comodo Internet Security is vulnerable to the attack up to and including version 12.3.4.8162. According to the forum, this is also the current version.
To avoid exposing the system to the risk of crashes with a Blue Screen of Death (BSOD), Comodo users should uninstall the software. Microsoft Defender detects malware properly, and the Windows firewall also does a useful job.
About a year ago, Comodo Internet Security also made headlines because of security vulnerabilities, which allowed attackers to inject and execute malicious code. Affected at the time: version 12.3.4.8162. Users should remove such poorly maintained software promptly.
(dmk)