CVE-2014-7872 – Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7872
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. Comodo Internet Security installs GeekBuddy, which installs a weakly secured, exposed VNC server.
• https://www.exploit-db.com/exploits/37065
• http://packetstormsecurity.com/files/135841/Comodo-Internet-Security-VNC-Server-Exposure.html
• http://www.osvdb.org/122355
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9633 – Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9633
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
• https://www.exploit-db.com/exploits/35905
• http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html
• http://packetstormsecurity.com/files/130094/Comodo-Backup-4.4.0.0-NULL-Pointer-Dereference.html
• http://www.exploit-db.com/exploits/35905
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-5118
https://notcve.org/view.php?id=CVE-2011-5118
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors.
• http://personalfirewall.comodo.com/release_notes.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2011-5119
https://notcve.org/view.php?id=CVE-2011-5119
Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.
• http://personalfirewall.comodo.com/release_notes.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2011-5120
https://notcve.org/view.php?id=CVE-2011-5120
The Antivirus component in Comodo Internet Security before 5.4.189822.1355 allows remote attackers to cause a denial of service (application crash) via a crafted .PST file.
• http://personalfirewall.comodo.com/release_notes.html