Bugtraq mailing list archives

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)

From: Ange Albertini <ange.albertini () gmail com>
Date: Thu, 19 Apr 2012 17:22:36 +0200

[affected software]
Comodo Internet Security, until 5.9

[description]
BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.

such files are very unusual, but work perfectly if the PE contains
relocations, as shown at http://pe.corkami.com#ImageBase and
http://pe.corkami.com#relocations

PoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel
ibkmanual reloccrypt

[author]
Ange Albertini (corkami.com)

[vendor communication]
5th January 2012 - details shared with the vendor
23th January 2012 - patch is planned
12th March 2012 - bug are fixed in 5.10

from http://www.comodo.com/home/download/release-notes.php?p=anti-malware

5.10.228257.2253: 12 March, 2012
 * IMPROVED! Compatibility with other security suites is improved in
Windows 7 x64
 * FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64
 * FIXED! HIPS can leak process handles with a special set of access rights
 * FIXED! Smart scan crashes under certain circumstances

[mitigation]
update to 5.10 or later

Current thread:

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) Ange Albertini (Apr 19)