Here is author’s post (there is a source code for his PoC in this post):
This thread is very important, there is a serious mistake in Memory Firewall!Memory Firewall is only detecting calls to ShellExecute, WinExec and so on, but it’s not detecting calls to the standard C system() call. This is a serious security flaw since system() can do everything that ShellExecute can do. I want some developers in this thread.
Im not using Memory Firewall since i found out that it’s useless, also, DEP and ASLR is a better way to protect your system since it does not need the “black list” of calls becaue everything is stopped.
Memory Firewall code is now part of CIS D+.
Can Comodo developers (e.g. Tyler Durden) confirm or disprove this kind of BO attack is a real life threat which bypasses BO protection of D+ ? –answer has already been provided, see next post