I already asked for it and got an answer. But now on reason of this article another question.
There it says:
Exploitation to SYSTEM From the top, we run our sandboxed application, which then process hollows a Comodo signed binary (to bypass CmdAgent signature check) which then runs our COM code we wrote and does a registry write as SYSTEM from our ?contained? process. A practical escalation through this would be to hijack an existing service and a decent service to hijack was CmdAgent.exe itself. By replacing the ImagePath data in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent, this would replace the CmdAgent service with our own binary, which will run as SYSTEM....we would need CmdAgent service to restart if we wanted to instantly gain these SYSTEM privileges (opposed to waiting for next restart). Luckily, we have a way of doing that, as I found a way we can crash CmdAgent, which will cause the service to be ?revived? and mistakenly start our ImagePath we wrote to protected registry key. The CmdAgent crash is very simple, as the process exposes a Section Object of structural data that writable by EVERYONE: (Figure 24 ? CmdAgent.exe Section Object Exposing Writable Object Data (SharedMemoryDictionary).. (deleted: There was a mistake on my part.)
Can this also happen when protected in comodo?