CVE Catalog

CVE-2016-20090

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

Risk Assessment

This vulnerability poses a risk to organizations by allowing local attackers to gain elevated privileges and potentially take control of the system.

Recommendation

It is recommended to update the Comodo Dragon Browser to the latest version to mitigate this vulnerability and to monitor systems for unauthorized changes.

Original NVD description (English source)

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS