Dario Menichelli

**Name of the Vulnerable Software and Affected Versions** Comodo Firewall Pro versions prior to 3.0 **Description** The issue arises from improper validation of certain parameters to hooked System Service Descriptor Table (SSDT) functions. This can be exploited by local users to cause a denial of service, resulting in a system crash. The exploitation vectors include a crafted `OBJECT ATTRIBUTES` structure in a call to the `NtDeleteFile` function, leading to improper validation of a `ZwQueryObject` result, as well as unspecified calls to the `NtCreateFile` and `NtSetThreadContext` functions. **Recommendations** For Comodo Firewall Pro versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `NtDeleteFile`, `NtCreateFile`, and `NtSetThreadContext` functions to minimize the risk of exploitation. Additionally, avoid using crafted `OBJECT ATTRIBUTES` structures in calls to the `NtDeleteFile` function until the issue is resolved.