Buffer Overflow Testing Application!

Let's see if your security products (AV, firewall or other) protect you from a Buffer Overflow (BO) attack, which is one of the most common forms of attack against users. Drive-by-Download attacks especially make extensive use of BO to inject malware onto users' machines.

COMODO BO Tester is a testing utility which checks whether your system is vulnerable to buffer overflow attacks or not.

COMODO Memory Guardian protects your applications against these attacks in both 32 bit and 64 bit environments.

It includes 3 separate tests each of which tries to exploit a different type of attack technique.

Test 1

Tests the protection against stack overflows i.e. code execution in the stack

Test 2

Tests the protection against heap overflows i.e. code execution in the heap

Test 3

Tests the protection against ret2libc attacks i.e. one of the most difficult to detect BO attacks.

If your host (PC/Machine) is protected, the utility will report the status “Protected”; otherwise it will report “Vulnerable”.

Download Locations :

For 32 bit Operating Systems
http://download.comodo.com/cpf/download/setups/utility/Setup_BOTester_x32.exe

For 64 bit Operating Systems
http://download.comodo.com/cpf/download/setups/utility/Setup_BOTester_x64.exe

Go ahead and distribute this to everyone you know to see if they are protected or not… and for the Protection come and get Comodo Memory Guardian… FOR FREE!!!

thanks
Melih

Hi Melih

COMODO BO Tester

Test 1 & 2 showed “Protected”, but Test 3 showed that my system is vulnerable. Pls suggest what to do now?

Hi Melih,

I have installed the Comodo Memory Guardian, and it told me all three tests are protected, but I’m just wondering if I should be seeing any activity to know that this is working? Since I installed it, it just sits in my tray. Does it need to get updated? Just curious.

Thank you for the great products, I appreciate the time and expense that your company puts into developments for people like me who have no clue! (V)

Hi Grcguy

yep, it's working!
you don’t get BOd every day… but when you do… you are hosed! So leave it running. It will save you one day!

Melih

Hi. Install Comodo Memory Guardian :slight_smile:

Just a point to make that did confuse me on the first run.

You have to click on ‘kill’ on all 3 pop-up boxes if you have CMG installed, then the test says you are ‘protected’ on all 3 threats.

If you ‘allow’ all 3 in CMG then the test shows ‘Vulnerable’.

Logical but I had to think about it. :wink:

Good little test program though; thanks Melih. :slight_smile:

Mike.

Good test. Also good to see that CAVS HIPS prevents any of the tests from running if you tell it to.

CAVS doesn’t protect from BO, it just blocks “suspicious behavior” of the test’s files.

If HIPS warns about a file attempting to do something and then is able to stop that file’s action then surely this is a form of protection. Merely a different type or ‘added layer’ of protection.

I know the HIPS in CAVS at present will not prevent some files from acting (though I believe CFP beta is better), as I have discovered with a few nasties, however it is reassuring that it can stop some files. All part of Melih’s concept of layered protection - what one layer misses another catches. ;D

Well, my McAfee product (latest and most updated version) failed all three tests. Time to switch to Comodo - Thanks!

I even failed all of the tests.

I have CAVS 2.0.15.51, CFP 2.4, CBOclean, & CMG. I disabled CMG and tried the tester, and I failed all of the tests (a HIPS warning showed up though).
Is it normal?
So AV & firewall can’t protect our computer from BO attack at all?

well v3 of our firewall can, cos it will have CMG built in.

Melih

cheers to that

Hello,

EDIT : i’m talking about CMG and not the tester which works fine, I’m in the wrong post.

Seems interesting. However, what is the overhead caused by CMG ? I mean, it must check every memory access for every application constantly ? Doesn’t it slow down the system ?
Also, I’m on Vista x64 and wanted to give it a try, but it cannot install as apparently one file is not signed.

Regards,
gkweb.

There’s no “overhead” (overhead ?) caused by CMG at all, it’s very VERY fast due to its original protection method (and it’s a secret actually :))

Hello,

That’s good to know, I would be happy to test it, but as I said I cannot install CMG on my Vista x64.
Vista complains about something not signed and does not give me the choice to install it.

Is this a known issue ?

Regards,
gkweb.

Yes, in vista64 unsigned drivers are not allowed. CMG’s driver will be signed for release of course, anyway you can test it by pressin’ F8 during boot (as you’re doin’ to enter safe mode), there’s a boot variant to disable drivers’ sign checking.

Hello,

I am aware of this tip, but I will simply wait for the final release then :wink:
Is there any date ?

Regards,
gkweb.

It’s kind of fun to see issues about some Comodo drivers not being signed, when Comodo lives by and for things such as digital signatures / certificates.

This places Comodo freeware in a nice position, as I imagine very few 100% free software projects (no ads, nothing) can support the cost of such a digital certificate from certified roots.

Maybe this could lead Comodo to some free software(/security) support initiative to help some chosen freeware in exchange for some Comodo visibility. But I guess we have to wait for more widespread 64 bit computing before we can see things such as these.

Hi,
I have updated to v. 1.0.1.6 and noted that when run for the first time it brings up the CMG test program.
Is this incorporated into the new version, or does it just call the test program if already installed? Just curious.
Thanks,
Mike.