Discovery of Sandbox Escape on Comodo Container
About Vulnerability: Comodo desktop security products, which has Comodo Container feature are vulnerable to Sandbox Escape due to uncontrolled apply changes. Sandboxed process can change container protection settings and apply on real environment. Therefore isolated process escapes from the sandbox and executes a command on the real system.
- Comodo Antivirus up to 18.104.22.16870 (included)
- Comodo Firewall up to 22.214.171.12470 (included)
- Comodo Internet Security Premium up to 126.96.36.19970 (included)
After the patch is released for vulnerability, we will share the exploitation code.
- 02/11/19 – Vulnerability reported to Comodo.
- 02/15/19 – Detailing on vulnerability with technical team.
- 02/25/19 – Comodo confirmed the vulnerability.
Author: Kağan IŞILDAK