Comodo Exploited : ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security
- Thread starter Khushal
- Start date
That is a serious report, but the safest approach is to avoid treating it as confirmed beyond what the researcher published.
What can be said with confidence
Why caution is important
Reasonable next steps for users
About the vendor non-response
A lack of reply is not a good look, but it still does not prove the report was ignored internally. Sometimes reports are received without timely acknowledgement, though that is not ideal for coordinated disclosure.
Bottom line
This should be treated as a credible security claim that deserves attention, but not as fully confirmed fact until there is independent verification or an official vendor response. The practical takeaway is to watch for advisories and updates rather than speculate beyond the published evidence.
What can be said with confidence
- The quoted post claims a remote kernel vulnerability in Comodo Internet Security and says the vendor had not responded at the time of publication.
- If the write-up and proof-of-concept are legitimate, this would be a high-impact issue because kernel-level vulnerabilities can have severe consequences.
- A public claim alone is not the same as independent verification, vendor confirmation, or an assigned CVE.
Why caution is important
- Technical blog posts can be accurate, but forum members still should not assume full validity until there is broader confirmation.
- “Zero-day” in this context usually means no patch is available at disclosure, but exact real-world exploitability can still depend on configuration, version, and attack conditions.
- Without vendor acknowledgement, affected build details and mitigation guidance may be incomplete.
Reasonable next steps for users
- Check Comodo’s official advisories, release notes, and support channels for any statement or update.
- If you use the product in a sensitive environment, consider reducing exposure until there is clarification, especially where remote attack surface is relevant.
- Keep the product and Windows fully updated in case a silent fix or related hardening update appears.
- Monitor trusted community analysis and independent testing rather than relying only on the original post.
About the vendor non-response
A lack of reply is not a good look, but it still does not prove the report was ignored internally. Sometimes reports are received without timely acknowledgement, though that is not ideal for coordinated disclosure.
Bottom line
This should be treated as a credible security claim that deserves attention, but not as fully confirmed fact until there is independent verification or an official vendor response. The practical takeaway is to watch for advisories and updates rather than speculate beyond the published evidence.
This is the guy who found the way loophole to stop the Wannacry ransomware. So, not a random POC creator.
Read more on:
Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes
A remotely exploitable zero-day vulnerability in Comodo Internet Security's kernel-level firewall driver allows attackers to crash Windows systems.
gbhackers.com
Comodo already got so much love from users here.
They don't need such negativity especially this case as remotely exploitable/kernel fw driver.
They don't need such negativity especially this case as remotely exploitable/kernel fw driver.
Here we go again 
I thought we were over this The only voice I want to hear from on Comodo is cruelsister and her tests otherwise 
.
I thought we were over this The only voice I want to hear from on Comodo is cruelsister and her tests otherwise .
Such attacks (RDoS) should not worry home users. However, they are common against enterprises.
This exploit and a few others (still unpatched) make CIS questionable as a protection in businesses.
A better solution for businesses would be Xcitium or another good EDR.
This exploit and a few others (still unpatched) make CIS questionable as a protection in businesses.
A better solution for businesses would be Xcitium or another good EDR.
Well for opinion based information I agee with @Zero Knowledge, but as @SeriousHoax posts this is a white hat security expert with a strong reputation, but as @Andy Ful posts a Denial of Service attack let's your PC crash, not a big deal for home users, but a serious issue for businesses depending on IT/internet and let's be honest CIS is not designed for the B2C market but for the consumer market, making the real world impact of this find minimal, although the lack of offical Comodo response is worrying in relation to brand reputation. But Comodo has both strong advocates and fierce criticizers, so the brand reputation damage is minimal. Hardcore Comodo fans will keep on using CIS. Hardcore criticizers will see this as evidence for their opinion.
Last edited:
Yes, from the vendor's website, we can see that CIS is intended for home users. Anyway, CIS is used sometimes in small businesses too.
We should not demand business-level support; however, many users can feel disappointed.
We should not demand business-level support; however, many users can feel disappointed.
Although an interesting write-up, it's more of a Fun Fact than any sort of critical vulnerability. Actually the author states that the python exploit, although crashing the system, will not result in any sort of Remote Code Execution- "I totally accept defeat, but at least the journey was fun".Here we go again
In the absence of a RCE (which would be a severe problem) we are left with the possibility of causing a crash- just find a Comodo protected system, get it's IP, then run the script remotely and hope the Router doesn't get in the way. Seems like a bunch of work to me, but whatever...
Router bags Oscar for the guest appearance — Comodo wins a show again — Melih will need a trophy shelf upgrade! 
Well most modern (mid and high end) router have Ipv6 statefull packet inspection it would drop the malformed Ipv6 and prevent causing Comodo to go down (as CruelSister hints on), but older and cheaper routers often don´t have that functionality. So people with older or low end routers better not enable Ipv6 because the NAT firewall is for Ipv4 not IPv6 and will let IPv6 packet straight through.
Last edited:
You may also like...
-
New Linux 'Dirty Frag' zero-day gives root on all major distros- Started by Khushal
- Replies: 1
-
FGoogle addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
- Started by ForgottenSeer 116559
- Replies: 1
-
-
FVulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks
- Started by ForgottenSeer 116559
- Replies: 2
-
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel POSIX CPU Timers- Started by Brownie2019
- Replies: 2