CVE-2010-5157
CVE-2010-5157 is a medium-severity vulnerability in Comodo Comodo Internet Security with a CVSS 2.0 base score of 6.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-362.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.2)
- EPSS exploit prediction: 0% (31st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-362
- Affected product: Comodo Comodo Internet Security
- Published:
- Last modified:
Description
Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
Frequently asked questions
- What is CVE-2010-5157?
- Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
- How severe is CVE-2010-5157?
- CVE-2010-5157 has a CVSS 2.0 base score of 6.2, rated medium severity.
- Is CVE-2010-5157 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (31st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2010-5157?
- CVE-2010-5157 affects Comodo Comodo Internet Security. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2010-5157?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2010-5157 published?
- CVE-2010-5157 was published on 2012-08-25 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
- http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
- http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html
- http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- http://www.f-secure.com/weblog/archives/00001949.html
- http://www.osvdb.org/65254
- http://www.osvdb.org/67660
- http://www.securityfocus.com/bid/39924
- http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Affected products (1)
- cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*:*
More vulnerabilities in Comodo Comodo Internet Security
- CVE-2011-5123 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in…
- CVE-2011-5121 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified…
- CVE-2010-5185 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in…
- CVE-2019-18215 — High (CVSS 7.8): An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading…
- CVE-2012-2273 — Medium (CVSS 4.9): Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service…
- CVE-2011-5122 — Medium (CVSS 4.3): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 allows remote attackers to cause a denial of…
All CVEs affecting Comodo Comodo Internet Security →
Other CWE-362 (Race Condition) vulnerabilities
- CVE-2022-27626 — Critical (CVSS 10.0): A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition')…
- CVE-2015-8556 — Critical (CVSS 10.0): Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
- CVE-2014-0703 — Critical (CVSS 10.0): Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition…
- CVE-2010-1228 — Critical (CVSS 10.0): Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and…
- CVE-2008-6598 — Critical (CVSS 10.0): Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
- CVE-2026-46137 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential…