CVE-2016-20088

HIGH

Comodo Chromodo Browser 52.15.25.664 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20088. PoCs published by Th3GundY.

AI-analyzed exploit summary: This is a technical writeup detailing an unquoted service path privilege escalation vulnerability in Comodo Chromodo Browser's update service. The vulnerability allows local attackers to execute arbitrary code with SYSTEM privileges by exploiting the service path.

Description

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Th3GundY · text · local · windows
https://www.exploit-db.com/exploits/40473


Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Comodo Chromodo Browser <= 52.15.25.664
Auth required
Prerequisites: local access to the system · ability to write to the service path directory
devstral-2 · analyzed Jun 19, 2026

References (5)

Core References

Exploit
ExploitDB-40473
https://www.exploit-db.com/exploits/40473

Product
Official Product Homepage
https://www.comodo.com

Product
Official Product Homepage
http://yildirimyunus.com

Third Party Advisory
VulnCheck Advisory: Comodo Chromodo Browser 52.15.25.664 Unquoted Service Path Privilege Escalation
https://www.vulncheck.com/advisories/comodo-chromodo-browser-unquoted-service-path-privilege-escalation

Scores

CVSS v3: 7.8
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-428
Status: published
Products (1): Comodo/Chromodo Browser < 52.15.25.664
Published: Jun 19, 2026
Tracked Since: Jun 19, 2026