Discovery of Sandbox Escape on Comodo Container
About Vulnerability: Comodo desktop security products, which has Comodo Container feature are vulnerable to Sandbox Escape due to uncontrolled apply changes. Sandboxed process can change container protection settings and apply on real environment. Therefore isolated process escapes from the sandbox and executes a command on the real system.
- Comodo Antivirus up to 220.127.116.1170 (included)
- Comodo Firewall up to 18.104.22.16870 (included)
- Comodo Internet Security Premium up to 22.214.171.12470 (included)
After the patch is released for vulnerability, we will share the exploitation code.
- 02/11/19 – Vulnerability reported to Comodo.
- 02/15/19 – Detailing on vulnerability with technical team.
- 02/25/19 – Comodo confirmed the vulnerability.
Author: Kağan IŞILDAK