CVE-2026-49494

HIGH

Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service

Title source: cna

Description

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header without validating it, so a packet whose declared payload length is smaller than the sum of its extension-header lengths underflows the value to a near-maximal 64-bit integer. Because IPv6 parsing occurs before firewall rule enforcement, a remote, unauthenticated attacker can send a single crafted IPv6 packet - even to a host with all ports blocked - to trigger an out-of-bounds read (and, on a separate code path, an oversized memcpy) in the Windows kernel at DISPATCH_LEVEL, crashing the system (BSOD).

References (3)

Core 3

Core References

Exploit technical-description exploit

MalwareTech - ComoDoS

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html

Exploit exploit

Proof of Concept

https://github.com/MalwareTech/ComoDoS

View Exploit ZIP pw:eip

Third Party Advisory third-party-advisory

VulnCheck Advisory: Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service

https://www.vulncheck.com/advisories/comodo-internet-security-inspect-sys-ipv6-integer-underflow-remote-denial-of-service

Scores

CVSS v3 7.5

EPSS 0.0044

EPSS Percentile 34.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-191

Status published

Products (1)

Comodo/Comodo Internet Security < 12.3.4.8162

Published Jun 07, 2026

Tracked Since Jun 07, 2026