Critical Zero-Day Vulnerability in Comodo Internet Security Exposes Windows Systems to Remote Crashes A severe zero-day vulnerability, dubbed ComoDoS, has been discovered in Comodo Internet Security’s firewall driver, Inspect.sys, allowing attackers to remotely crash Windows systems with a single maliciously crafted IPv6 packet regardless of firewall rules. The flaw, identified by security researcher Marcus Hutchins (Malwaretech), stems from an integer underflow in the driver’s IPv6 extension header parser. The vulnerability affects Comodo’s kernel-mode firewall driver, which parses incoming packets before applying security rules. By exploiting an unchecked integer underflow in the IPv6 payload length field, an attacker can force the system to miscalculate memory allocations, leading to an immediate crash. The proof-of-concept (PoC) exploit, publicly available on GitHub, demonstrates how a compact IPv6 packet with a manipulated Destination Options header (type 60) can trigger the flaw, even if all ports are blocked. Beyond denial-of-service (DoS), the underflow introduces two memory corruption primitives: an out-of-bounds (OOB) read in a WebDAV/HTTP scanner and an OOB write via memcpy, both of which reliably crash the system due to the impossibly large memory spans involved. While remote code execution (RCE) appears unlikely due to packet size limitations, the flaw remains critical, as it bypasses all firewall protections. Despite responsible disclosure including a root-cause analysis, patch recommendations, and a PoC Comodo has failed to acknowledge or address the issue. This follows a pattern of vendor inaction; the Zero Day Initiative (ZDI) previously documented a separate Comodo vulnerability (ZDI-24-953) that remained unpatched for nearly two years. Users of Comodo Internet Security are left exposed, with no official mitigation or timeline for a fix.