Bypassing PFW/HIPS open process control with uncommon identifier [Resolved]

Some actions to be taken:

Bypassing PFW/HIPS open process control with uncommon identifier

(2007/05/15 09:13)

Our advisory today may affect more personal firewall and HIPS products that implement some kind of process protection or process access control. Vulnerable products implement control of the OpenProcess API that covers only identifiers divisible by four and does not handle identifiers that are not divisible by four properly. ZoneAlarm Pro 6.1, Comodo Personal Firewall 2.3 and Comodo Firewall Pro 2.4 were confirmed to be vulnerable. ZoneAlarm Pro 6.5 and higher are not vulnerable. Exploiting this vulnerability can be used to bypass self-protection mechanisms of security software, for example to terminate their core components.

It immediately serves update in attended of Comodo Firewall Pro 3

Hi everyone,

I read the advisory released by matousec, it made me worried a bit. I have also downloaded the test file provided to see it myself…
Well, I saw it… Nothing has happened :) So maybe my system is so bogus (it has been waiting for a reinstall since September last year… and I am still waiting for a DVD-RW to do the backup), or I misunderstood the instructions given with the test file…
Anyhow, I think all of us would like to see some comment about this from Comodo staff.
Oh, btw if you dare to try it out, here is the link:
So Comodo team or moderators :), any feedback on this would be appreciated. I have a feeling that “this is already addressed in v3”, but it isn’t released yet… (sorry for my poor English, I’m quite tired)


It has been stated CPF 3 has fixed many of the vulnerabilities reported by Matousec, such as this one.


Therefore this thread is closed.
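
The flaw described in the quoted advisory, shown as an added example that is not part of the thread or any vendor's code: an access check that compares the raw identifier against protected ones, next to a check that first resolves the identifier as the OS would. The process table, names, PIDs and the simulated `os_lookup` (which assumes the two low-order bits of an identifier are ignored) are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed process table; names and identifiers are sample values. */
struct proc { uint32_t pid; const char *name; bool is_protected; };
static const struct proc table[] = {
    { 1200, "browser.exe", false },
    { 1448, "fw_core.exe", true  },   /* hypothetical protected component */
    { 1452, "notepad.exe", false },
};
#define NPROC (sizeof table / sizeof table[0])

/* Simulated OS lookup. Assumption: the two low-order bits of the
   identifier are ignored, so 1448..1451 all resolve to one process. */
static const struct proc *os_lookup(uint32_t pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (table[i].pid == (pid & ~(uint32_t)3)) return &table[i];
    return NULL;
}

/* Flawed check: compares the raw number against protected identifiers. */
static bool naive_denies(uint32_t requested_pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (table[i].is_protected && table[i].pid == requested_pid) return true;
    return false;
}

/* Corrected check: resolve the request the way the OS will, then decide
   on the resolved process, not on the number the caller supplied. */
static bool hardened_denies(uint32_t requested_pid) {
    const struct proc *p = os_lookup(requested_pid);
    return p != NULL && p->is_protected;
}

/* Regression helper: requests in [first,last] that reach a protected
   process without being denied by the given check. */
static int count_missed(bool (*denies)(uint32_t), uint32_t first, uint32_t last) {
    int missed = 0;
    for (uint32_t pid = first; pid <= last; pid++) {
        const struct proc *p = os_lookup(pid);
        if (p != NULL && p->is_protected && !denies(pid)) missed++;
    }
    return missed;
}

int main(void) {
    printf("naive check misses:    %d\n", count_missed(naive_denies, 1190, 1460));
    printf("hardened check misses: %d\n", count_missed(hardened_denies, 1190, 1460));
    return 0;
}
```

A range sweep like `count_missed` is the kind of regression test that catches this class of bug: it checks every identifier the lookup accepts, not only the ones the process list displays.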