Did anyone of comodo notice, that a real world buffer overflow not neccessarily has to call APIs by using the "usual" entry points.
What happens in Windows is, is the Windows API forwards the call from user mode into kernel mode with small stubs of code that issue an interrupt that transfers into kernel mode. From there, some other code runs in kernel mode, the actual functions body.
So what any exploit can do, is simply use the existing call gates loading some registers (function id), pushing parameters on the stack and issuing an interrupt to actually call the function bypassing commodo's "protection" against buffer overflows at user mode API level.
You guys are funny. I recommend to stick with a solution like Sys-Manage BufferShield or a computer having hardware DEP properly enabled than using such a placebo security. Sorry. Failure!
PS: I can release some proof of concept if you like...