Description

Found multiple vulnerabilities in Comodo Internet Security 2025, which can lead to:
- Download and installation of an update from an untrusted server.
- Delivery of a malicious file and Remote Code Execution with SYSTEM privilege via a fake update package.
- Path Traversal allowing Arbitrary File Write anywhere on the system, enabling persistent malware delivery.

Environment

Victim: Windows 10 64-bit, updated to 12 June 2025. IP address: 10.10.14.4
Comodo installer: cispremium_installer_6100_08.exe, software and signatures fully updated to 12 June 2025 (download link: https://www.comodo.com/home/download/download.php?prod=cis)
Comodo IS was using default settings, and HIPS was not enabled.
Attacker: Kali machine on the same LAN as the victim, IP: 10.10.14.10
Fake update server IP: 192.168.58.192. The victim machine can connect to the fake server.

Improper Certificate Validation leads to redirection of update traffic to an untrusted update server (CWE-295)

Root cause

By default, Comodo Internet Security uses an HTTPS connection to https://download.comodo.com/ to check for updates. However, Comodo IS does not validate the SSL certificate of that connection, so a threat actor who can perform DNS spoofing can redirect the update traffic to a fake update server and the client will accept it.

Steps to reproduce

1. Set up an untrusted server with a local SSL certificate

The threat actor must set up an HTTPS server with apache2 using a localhost certificate, following these steps:

Generate the certificate (the command as given on the page was missing the certificate output file and the -subj option; localhost.crt is the assumed output name):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -subj "/C=VN/ST=Hanoi/L=Hanoi/O=Dev700/CN=localhost"
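To make the root cause concrete from the defender's side, the following Go program (an added example, not Comodo's code and not part of the original advisory) shows the weak update-client configuration next to the hardened one. It starts a local HTTPS server with a self-signed certificate (Go's httptest fixture, standing in for the fake update server), then fetches a constructed manifest three ways: with certificate validation disabled (the CWE-295 defect, which accepts the rogue server), with default validation (rejects it as an unknown authority), and with the trust store pinned to the one certificate the update channel is expected to present (accepts only that server). Server, manifest body and the pinning choice are all constructed for the demonstration; a real client would pin the vendor's CA, not a test certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// sampleManifest is a constructed stand-in for an update manifest body.
const sampleManifest = "update-manifest: constructed sample"

// newUntrustedUpdateServer starts a local HTTPS server whose certificate is
// self-signed (httptest's built-in test certificate), i.e. the kind of
// certificate a correctly written update client must refuse. Test fixture only.
func newUntrustedUpdateServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, sampleManifest)
	}))
}

// weakClient reproduces the root cause: the server certificate is never
// validated, so whichever host answers on the (spoofed) update name is trusted.
func weakClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // the defect
	}}
}

// pinnedClient is the hardened form: validation stays on (the default) and the
// trust store is narrowed to the single CA/certificate the update channel uses.
func pinnedClient(trusted *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
}

// fetchManifest downloads the manifest with the given client. The TLS
// handshake happens inside Get, so a rejected certificate surfaces as err.
func fetchManifest(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// isUntrustedCertError reports whether err is a certificate-chain rejection,
// which is what a validating client produces against the rogue server.
func isUntrustedCertError(err error) bool {
	var unknownCA x509.UnknownAuthorityError
	var noRoots x509.SystemRootsError
	return errors.As(err, &unknownCA) || errors.As(err, &noRoots)
}

func main() {
	srv := newUntrustedUpdateServer()
	defer srv.Close()

	body, err := fetchManifest(weakClient(), srv.URL)
	fmt.Printf("no validation:      body=%q err=%v\n", body, err)

	_, err = fetchManifest(&http.Client{}, srv.URL)
	fmt.Printf("default validation: rejected=%v (%v)\n", isUntrustedCertError(err), err)

	body, err = fetchManifest(pinnedClient(srv.Certificate()), srv.URL)
	fmt.Printf("pinned trust store: body=%q err=%v\n", body, err)
}
```

The third fetch pins the test server's own certificate only to show that a pinned client keeps working against the server it was built to trust; the security property comes from the second case, where the same self-signed server is rejected as soon as validation is left enabled. Certificate validation alone still leaves the package unauthenticated, so a signature check on the downloaded update is the complementary control against a fake update package.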