Executive Summary

CVE-2016-20088 is an unquoted service path vulnerability found in the ChromodoUpdater service of Comodo Chromodo Browser version 52.15.25.664. This service runs with SYSTEM privileges. Because the service path is unquoted, a local attacker can insert a malicious executable into the service path. When the service restarts or the system reboots, this malicious executable is run with elevated SYSTEM-level privileges, allowing the attacker to execute arbitrary code on the system.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows a local attacker to execute arbitrary code with SYSTEM-level privileges by exploiting an unquoted service path in the ChromodoUpdater service. This elevated privilege escalation could lead to unauthorized access or control over the affected system.

Such unauthorized access and potential control over system processes can compromise the confidentiality, integrity, and availability of sensitive data, which are core concerns of compliance standards like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to potential data breaches or unauthorized data manipulation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges by executing arbitrary code with SYSTEM-level permissions. This means the attacker can gain full control over the affected system, potentially installing malware, stealing data, or disrupting system operations. The attack requires local access and occurs when the vulnerable service restarts or the system reboots.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an unquoted service path in the ChromodoUpdater service running with SYSTEM privileges. To detect it, you can check the service path for unquoted spaces which may allow insertion of malicious executables.

• Use the command `sc qc ChromodoUpdater` in a command prompt to display the service configuration, including the executable path.
• Inspect the service path output for unquoted spaces. For example, a path like `C:\Program Files\Chromodo Browser\ChromodoUpdater.exe` without quotes is vulnerable.
• Alternatively, use PowerShell to query the service path: `Get-WmiObject win32_service | Where-Object {$_.Name -eq 'ChromodoUpdater'} | Select-Object PathName`.
• Look for any suspicious executables placed in directories along the unquoted service path that could be executed with elevated privileges.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should update the Comodo Chromodo Browser to version 52.15.25.665 or later, where the issue has been fixed.

If immediate update is not possible, manually correct the service path by quoting the executable path in the ChromodoUpdater service configuration to prevent exploitation.

Additionally, restrict local user permissions to prevent unauthorized users from placing executables in directories along the service path.

Restart the service or reboot the system after applying fixes to ensure the vulnerability is mitigated.

Useful 0 Not Useful 0