CIS 2012 cmdguard.sys <= 5.9.25057.2197 Local kernel mode D.O.S Vulnerability

Comodo Internet Security 2012 cmdguard.sys <= 5.9.25057.2197 Local Kernel Mode D.O.S Exploit

Date: 2012-2-3

Author : 3DNow

Version: Comodo Internet Security 2012 5.9.221665.2197

Tested on: Windows XP SP3

As the picture shows, with CIS 5.9 and D+ and sandbox enabled, the system will crash after running the POC program.

The POC is in the attachment, password as well.

[attachment deleted by admin]

Password?

The password is the same as in my previous post, and is for Comodo staff only.

OP should claim that this BSOD flaw is for comodo’s un-behaving about the previous critical kernel flaw for almost 24 hours after getting the POC :wink:

Hmmm~

Can you give me the password so that I can check if I get the BSOD or not?

I will check on a real system, XP SP3.

I guess you too checked on a real system.

He has claimed the password is only for staff.
If your Chinese is good enough, you can see this post: http://bbs.kafan.cn/thread-1214565-1-1.html
I think the google translate version is also very powerful ;D
http://translate.google.co.in/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fbbs.kafan.cn%2Fthread-1214565-1-1.html

Actually I want to test it.

OK, let's see what this issue is about.

However, in the future, the ethical way to follow would be reporting the vulnerability to us in private, let us fix the issue and issue the update before you disclose the vulnerability.

This way we will be able to protect the customers before they are exploited. And in the updates, we will officially thank and credit you.

This is an unwritten rule in the security industry and it's the best path to follow. You can PM me on these any time.

Thanks,
Egemen

I just follow this “rule”: the zip file containing the exploit is encrypted with a password (more than 30 digits), and only your staff have that password.
(I was using PGP Desktop before, that’s more secure, but your staff told me he does not have PGP software~)

Excellent, thanks. I will PM you my email and you can use it in the future for direct contact.

Thanks egemen, will a fix for this also be in the upcoming 5.10 you were referring to in 3DNow’s other topic?

Yes

:slight_smile: