CVE-2016-20090
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
Risk Assessment
This vulnerability poses a risk to organizations by allowing local attackers to gain elevated privileges and potentially take control of the system.
Recommendation
It is recommended to update the Comodo Dragon Browser to the latest version to mitigate this vulnerability and to monitor systems for unauthorized changes.
Original NVD description (English source)
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

