Hello Comodo Team, There are several vulnerabilities that have not been fixed.
Can anyone tell me when these serious fixes that are in the CIS will be made?
See the links below for the vulnerabilities.
Hi New_Style_xd,
Thank you for reporting.
We will bring this to the team's notice and update you.
Thanks
C.O.M.O.D.O RT
Please note that for this vulnerability: “An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.”
In other words the system must be infected by something first before the vulnerability can work.
That’s why it’s a CVE, it has to be fixed.
This list of bugs from CIS is already circulating in several forums. It won’t be good for COMODO’s image if they don’t release these fixes.
There is another vulnerability for Comodo, but it’s open source malware which bypasses the Comodo Sandbox environment and deletes everything. But it’s not a CVE.
Really? Please post the SHA-256 here (if it is open source it would be readily available at the usual places) so that it can be confirmed.
I honestly don’t understand this unbridled desire to bypass Comodo’s protection. It almost seems like you’re trying everything to succeed…and failing.
Hmmmmm a man with his own AV on here…Yeah I wonder as well…
I have been using CF for years and continue to either find or write malware to bypass it, so far without Joy (haven’t had such a problem with other anti-malware applications as most of my >200 videos can attest).
I personally feel that this sort of continued hammering is essential as I, as noted, personally use it and have recommended Comodo to others for quite a while. So I continue to be as Cruel as possible in testing both to ensure my personal freedom from malware as well as saving face in my recommendations to others.
I agree with you, most people are pointing out flaws and vulnerabilities that are already being exploited, and most want to get around the situation.
People aren’t seeing that CIS has a security flaw that is already being exploited.
I think they are fanboys.
The work you do with your tests is commendable, I really like it.
But we can’t hide the truth.
What we are showing are bugs that have already been exploited by several people.
We are alerting them so that the CIS team can fix them.
That’s all we are doing and we want you to be successful in fixing them as quickly as possible.
Thank you!
As I understand it (with translation help), you managed to outsmart other security programs. So you couldn’t manage it, not to outsmart them.
How were people tricked? So, did they have their data stolen, bank accounts emptied, blackmailed, ordered things online under their names? I’m asking because after all this eon of using Comodo, I haven’t had any damage from any software or “break-in” due to a vulnerability.
Am I a fanboy who closes his eyes and doesn’t see that $4,999 is suddenly missing from my bank account or that my hard drive was encrypted? I’m already doubting myself? Do Cyber criminals not like me? I’d like to be really harmed so that I don’t have to be a fanboy anymore. Because then I would still stay with Comodo. A fanboy wouldn’t turn his back on it just because of that.
Maybe I didn’t express myself well, I was referring to @XylentAntivirus. Your work (Cruelsister) is to be commended. I have been using only your configuration for years and I am calm and protected.
The issue with bringing up some CVEs is that frequently there is a lack of understanding on how the vulnerability works, and if it can occur on a System that has not been previously tampered with.
In the case of CVE-2024-7252 referenced in the first post, tampering must precede the issue: “An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability”.
In other words, this malicious attack must FIRST bypass Comodo BEFORE stuff can happen to cmdagent, and there is no evidence that this is possible.
First off, thank you for supplying the malware link. This guy actually has been known for a while (mechanism is fairly similar to Emotet and Astaroth among others) in that it is primarily a PowerShell attack with an Outbound connection request to connect to malware command (In Amsterdam in this case).
But just like the others mentioned, this lnk file is contained by Comodo at even the base setting with a FW alert for the Outbound request (although if CF is in Silent Mode there would be no popups at all - the file would be contained silently and the Outbound request would be denied by default).
My Thanks to XylentAV for following up on this!!!
Meghan
Yes, exactly all of this happened. You are smart.
I agree with you. All that said, it is still an exploited vulnerability and needs to be fixed.
Thank you for this assessment. Smart enough that I have so far been spared the break-ins that others, perhaps you too, have had to experience bitterly. With Cruelsister’s advice and my own rules, I’ve managed to do well, haven’t I?