从这个网页截图中可以获取到以下关于漏洞的关键信息: 提交编号: #603713 标题: Comodo Security Solutions Comodo Internet Security Premium 12.3.4.8162 Improper Validation of Integrity Check Value 描述: Comodo update server uses manifest file cis_update_x64.xml to define metadata of binaries to update. Comodo IS doesn't verify authenticity and integrity of this manifest file. Threat actor can deliver malicious scripts and execute to gain remote control as SYSTEM privilege. 来源: https://drive.google.com/file/d/1anWavYsT5cE_nVbc8ULvUL5yCfKKXPrw/view?usp=sharing 提交者: EPT (is Security) (UID: 72757) 提交时间: 2019-06-25 10:47 AM (10 days ago) 审核时间: 2019-07-05 05:30 PM (4 days later) 状态: reviewed VulDB条目: [71806] [Comodo Internet Security Premium 12.3.4.8162 Manifest File cis_update_x64.xml Integrity Check] 积分: 19 这些信息表明,该漏洞涉及Comodo Internet Security Premium软件在更新过程中对manifest文件的完整性检查不当,可能导致远程攻击者通过恶意脚本获得系统权限。