Should Comodo users stop using Comodo?

It seems that on the English Comodo forum, it is hard to find information about bug fixing. However, it is possible on the Russian Comodo forum (search the webpage with "fixe" without "d" at the end):

v11.0.0.6744
v11.0.0.6778
v12.0.0.6810
v12.0.0.6818
Perhaps you could compile a list of what has been fixed and what remains outstanding from the 2019 posts and the bug lists you shared. Just to clarify, these are usability bugs, not the current CVEs we've been discussing.
Perhaps you could compile a list of what has been fixed and what remains outstanding from the 2019 posts and the bug lists you shared. Just to clarify, these are usability bugs, not the current CVEs we've been discussing.

Look at my post again - it was not finished.
Look at my post again - it was not finished.
I'm glad they're finally addressing usability issues, these should have been dealt with some time ago. However, this still doesn’t resolve the CVEs. Also, in the last thread I checked, the top post raised concerns about the BSODs some users were experiencing.

I'm glad they're finally addressing usability issues, these should have been dealt with some time ago. However, this still doesn’t resolve the CVEs. Also, in the last thread I checked, the top post raised concerns about the BSODs some users were experiencing.


The CVEs from June 2025 are still unfixed.
I'm glad they're finally addressing usability issues, these should have been dealt with some time ago. However, this still doesn’t resolve the CVEs. Also, in the last thread I checked, the top post raised concerns about the BSODs some users were experiencing.

You just gotta love when a stone is flying to your garden and then suddenly and miraculously, it boomerangs… goes wherever it’s come from. 🤷🏻‍♂️
@Divergent,
What do you think about those articles:
I believe these examples illustrate why our security products need to be more proactive in addressing vulnerabilities. The environment is inherently vulnerable, which is precisely why we rely on security solutions in the first place.
I believe these examples illustrate why our security products need to be more proactive in addressing vulnerabilities. The environment is inherently vulnerable, which is precisely why we rely on security solutions in the first place.

Did you notice what software is exploited in the wild?
These vulnerabilities and vendors have nothing to do with Comodo. This is software deployed predominantly in business environments; for a business, migration from Windows to (not sure what) is not as straightforward as uninstalling Comodo.

On the report provided, there are no cyber security vendors.

Leading vendors and products impacted included:

  • Microsoft Windows (15)
  • Broadcom VMware (6)
  • Cyber PowerPanel (5)
  • Litespeed Technologies (4)
  • Totolink Routers (4)
On the report provided, there are no cyber security vendors.

Yes. I tried to find any evidence for exploiting AVs (Home and Small Business versions). No evidence found.
Did you ever see something like that?
Yes. I tried to find any evidence for exploiting AVs (Home and Small Business versions). No evidence found.
Did you ever see something like that?
Well, I remember several reports about outdated unarchiving components in major AVs, I remember a Trend Micro vulnerability in certain parsers was the culprit of the Toshiba attack, I remember several drivers being part of BYOVD attacks (Zemana, Avast). I can't really find evidence for that anymore, it's all from my memory.

Apart from Zemana, it was all fixed quickly.

The Trend Micro vulnerability was exploited as part of a highly targeted attack.
Yes. I tried to find any evidence for exploiting AVs (Home and Small Business versions). No evidence found.
Did you ever see something like that?
I think there's more to uncover here; I was able to find a few of these within a few minutes. I also know you were aware of the Microsoft examples.

Notable real-world examples

Microsoft Defender / Malware Protection Engine (CVE‑2021‑1647) — Microsoft acknowledged this as a zero‑day in the Malware Protection Engine and said it had been exploited in the wild. This is a canonical example of an AV engine vulnerability used by attackers.

1. Microsoft Defender (Malware Protection Engine) — CVE‑2021‑1647 (Jan 2021)

Proof summary: Remote code execution bug in the Defender scanning engine that Microsoft and CISA confirmed was exploited in the wild prior to the patch.

Sources: Microsoft/CISA advisory & Project Zero analysis.

2. Sophos XG Firewall (SFOS) — CVE‑2020‑12271 (Apr 2020)

Proof summary: Pre‑auth SQL injection in Sophos XG that Sophos discovered after seeing active attacks; multiple vendors and a US health sector advisory documented in‑the‑wild exploitation (Asnarök malware observed).

Sources: Sophos advisory / NVD / HC3 alert / Rapid7 writeup.

3. Sophos Web Appliance — CVE‑2023‑1671 (Apr 2023; added to CISA KEV Nov 2023)

Proof summary: Pre‑auth command injection in the Sophos Web Appliance; CISA added CVE‑2023‑1671 to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation.

Sources: NVD + CISA/KEV reporting and security press.

4. Sophos Firewall (SFOS) — CVE‑2022‑3236 (Sept 2022)

Proof summary: Critical code injection / RCE in Sophos firewall products; vendor patched and later warned of exploit attempts against older versions — Sophos confirmed active exploit attempts.

Sources: Sophos security advisory / government reporting.

5. Trend Micro Apex One (On‑Prem Management Console) — CVE‑2025‑54948 & CVE‑2025‑54987 (Aug 2025)

Proof summary: Critical command injection / RCE affecting the Apex One management console. Trend Micro stated they had observed at least one attempt to exploit the flaw in the wild and distributed emergency mitigations/patches. (Enterprise endpoint/management console = security product.)

Sources: Trend Micro advisory / Qualys & industry reporting.

6. (Representative class example) — multiple endpoint/firewall vendors added to CISA's KEV catalog

Proof summary: CISA's Known Exploited Vulnerabilities catalog is an authoritative list of CVEs where evidence supports active exploitation; several security‑product CVEs (e.g., Sophos CVE‑2023‑1671) are present there. Use KEV to back any "exploited in the wild" claim.

Source: CISA KEV.
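One way to make the "back it with KEV" check mechanical, added here as an example and not taken from any post in the thread: parse a feed in the shape of CISA's KEV JSON, look up a CVE, and tally catalog entries per vendor and product. The sample feed is constructed; only the CVE IDs are ones named above, and every other field value is illustrative.

```python
import json
from collections import Counter

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The CVE IDs are those named in the thread; every other field value here is illustrative.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2023-1671", "vendorProject": "Sophos", "product": "Web Appliance",
         "dateAdded": "2023-11-16", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-12271", "vendorProject": "Sophos", "product": "XG Firewall",
         "dateAdded": "2021-11-03", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2021-1647", "vendorProject": "Microsoft", "product": "Defender",
         "dateAdded": "2021-11-03", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-54948", "vendorProject": "Trend Micro", "product": "Apex One",
         "dateAdded": "2025-08-18", "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(raw):
    """Parse a KEV feed and index its entries by CVE ID (normalised to upper case)."""
    data = json.loads(raw)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def is_known_exploited(kev, cve_id):
    """True when CISA lists the CVE, i.e. it has evidence of in-the-wild exploitation.
    A CVE missing here is not proof it was never exploited, only that KEV does not record it."""
    return cve_id.strip().upper() in kev


def tally_by_product(kev, vendors):
    """Count KEV entries per (vendor, product) for the given vendors, matched case-insensitively."""
    wanted = {v.lower() for v in vendors}
    return Counter(
        (entry["vendorProject"], entry["product"])
        for entry in kev.values()
        if entry["vendorProject"].lower() in wanted
    )


def added_in_year(kev, year):
    """CVE IDs added to the catalog in a given year, sorted, for a per-year count."""
    return sorted(cve for cve, entry in kev.items() if entry["dateAdded"].startswith(f"{year}-"))
```

Point `load_kev` at the downloaded feed instead of `SAMPLE_KEV` to run the same lookups against the live catalog.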
Well, I remember several reports about outdated unarchiving components in major AVs, I remember a Trend Micro vulnerability in certain parsers was the culprit of the Toshiba attack, I remember several drivers being part of BYOVD attacks (Zemana, Avast). I can't really find evidence for that anymore, it's all from my memory.

Apart from Zemana, it was all fixed quickly.

The Trend Micro vulnerability was exploited as part of a highly targeted attack.

Yes. I counted that most AVs have, on average, 1-2 vulnerabilities a year. I checked your information and found out that in the last 6 years, there were 11 CVEs successfully exploited for Trend Micro products:
OfficeScan - 5
Worry-Free Business - 3
Apex - 5

 
Yes. I counted that most AVs have, on average, 1-2 vulnerabilities a year. I checked your information and found out that in the last 6 years, there were 11 CVEs successfully exploited for Trend Micro products:
OfficeScan - 5
Worry-Free Business - 3
Apex - 5

But Trend Micro patches…