Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection

A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Comodo Internet Security Premium 命令注入漏洞

Comodo Internet Security Premium是美国Comodo公司的一套主要针对互联网安全的计算机安全软件。 Comodo Internet Security Premium 12.3.4.8162版本存在命令注入漏洞，该漏洞源于对参数binary/params的错误操作导致os命令注入。

N/A

N/A