CVE Catalog

CVE-2016-20088

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Comodo Chromodo Browser version 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

Risk Assessment

This vulnerability poses a risk to organizations as it allows local attackers to gain full system privileges, potentially leading to serious security breaches.

Recommendation

It is recommended to update Comodo Chromodo Browser to the latest version and to verify and secure service paths to prevent the introduction of malicious software.

Original NVD description (English source)

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS