EIP-2026-115068

PRE-CVE

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115068. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a heap buffer overflow in the LZMA decompression process due to improper validation of the 'lp' and 'lc' parameters, leading to memory corruption and potential remote code execution as NT AUTHORITY\SYSTEM.

Description

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/39602

View Code ZIP pw:eip

This exploit leverages a heap buffer overflow in the LZMA decompression process due to improper validation of the 'lp' and 'lc' parameters, leading to memory corruption and potential remote code execution as NT AUTHORITY\SYSTEM.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Comodo Antivirus (specific version not specified)

No auth needed

Prerequisites: Ability to deliver a maliciously crafted LZMA file to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026