Discovery of Sandbox Escape on Comodo Container
Summary
About the vulnerability: Comodo desktop security products that include the Comodo Container feature are vulnerable to a sandbox escape because the application of changes is uncontrolled. A sandboxed process can change the container protection settings and apply them to the real environment. As a result, the isolated process escapes from the sandbox and executes a command on the real system.
Affected Products
- Comodo Antivirus up to and including 12.0.0.6870
- Comodo Firewall up to and including 12.0.0.6870
- Comodo Internet Security Premium up to and including 12.0.0.6870
Affected Components
- cis.exe
- cmdvirth.exe
- cmdvrt{86/64}.dll
PoC
We will share the exploitation code after a patch for the vulnerability is released.
Disclosure Timeline
- 02/11/19 – Vulnerability reported to Comodo.
- 02/15/19 – Vulnerability details discussed with the technical team.
- 02/25/19 – Comodo confirmed the vulnerability.
Author: Kağan IŞILDAK
CVE: CVE-2019-14270