Where to report Comodo Sandbox bypass/escape vulnerability in CIS

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

Hello,

Version of CIS: 6.3 . Free version. Fully updated
OS: Windows 7

We found a critical vulnerability in CIS.exe executable, when it is invoked in a peculiar manner sandbox can be bypassed and escaped.

i.e While running the exe in sandbox we can able to come out of the sandobx and create a service.

We have full POC code. It consits of 2 execuatables.

  1. CIS.exe ( Its the comodo internet security executable it self from installation)
  2. cmdhost.dll (Which is crafted dll coded by us)

When the CIS.exe is run in sandbox (by right click and run in sandbox) or by simply double clicking it, it is possible to escape from the sandbox and other protection mechanisms and create a service with name, ComodoPoc.

From the rules, it is understood that we cant upload the exe in the bug report.

What is the proper channel to report this vulnerability POC with code.

Most importantly do you acknowledge publicy our contribution?

#2

First of all, I should mention that I am a volunteer Moderator and not Comodo staff. However, I can pass this on to Comodo staff, and ask that your contribution be publicly acknowledged. I have seen in the past that if a user finds and reports a vulnerability, and asks that their contribution be acknowledged, that it will be acknowledged upon the release of the version which fixes the vulnerability.

As for reporting this vulnerability, please edit your first post so that it is in the format provided here:
https://forums.comodo.com/bug-reports-cis/new-format-draft-do-not-use-yet-being-updated-t90436.0.html;msg651613#msg651613
Just copy and paste the code. Then put youre responses after the colons. Make sure that this report contains all information for how the POC should be set up and run.

Also, in order to pass this POC on to Comodo, please upload it to a file sharing site and send me a PM with a download link. I can then pass this directly on to the devs.

Let me know if you have any questions at all.

Thank you.

#3

I have moved these first two posts to the Outdated section. This is because all bug reports must begin with the formatted report.

Thanks.