Comodo · Comodo Internet Security · CVE-2026-49494
**Name of the Vulnerable Software and Affected Versions**
Comodo Internet Security (affected versions not specified)
**Description**
The firewall driver `Inspect.sys` contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value, derived from the payload length field of the IPv6 fixed header, by the size of each IPv6 extension header without proper validation. A packet whose declared payload length is smaller than the sum of its extension-header lengths causes the value to underflow to a near-maximal 64-bit integer. Because IPv6 parsing occurs before firewall rule enforcement, a remote, unauthenticated attacker can send a single crafted IPv6 packet to trigger an out-of-bounds read or an oversized `memcpy()` in the Windows kernel at IRQL `DISPATCH_LEVEL`, resulting in a system crash (Blue Screen of Death).
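The arithmetic described above, as an added C example (not code from `Inspect.sys` or from Comodo): the unchecked subtraction next to a walk that compares each extension-header length against the remaining payload before subtracting. Function names and the sample buffer are constructed for illustration, and only the hop-by-hop, routing and destination-options headers are walked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_FIXED_HDR 40u

/* Extension headers sharing the (next header, hdr ext len) layout of RFC 8200. */
static int is_generic_ext(uint8_t nh) {
    return nh == 0 || nh == 43 || nh == 60; /* hop-by-hop, routing, dest. options */
}

/* The unchecked pattern from the description: unsigned subtraction wraps. */
uint64_t remaining_unchecked(uint64_t payload_len, uint64_t ext_len) {
    return payload_len - ext_len; /* 4 - 8 becomes 0xFFFFFFFFFFFFFFFC */
}

/* Hardened walk: 0 and *upper_len on success, -1 means drop the packet. */
int ipv6_walk_checked(const uint8_t *pkt, size_t caplen, uint64_t *upper_len) {
    if (caplen < IPV6_FIXED_HDR) return -1;
    uint64_t remaining = ((uint64_t)pkt[4] << 8) | pkt[5]; /* payload length */
    if (remaining > caplen - IPV6_FIXED_HDR) return -1;    /* exceeds buffer */
    uint8_t nh = pkt[6];
    size_t off = IPV6_FIXED_HDR;
    while (is_generic_ext(nh)) {
        if (remaining < 8) return -1;           /* header itself is truncated */
        uint64_t ext_len = ((uint64_t)pkt[off + 1] + 1) * 8;
        if (ext_len > remaining) return -1;     /* compare BEFORE subtracting */
        nh = pkt[off];
        off += (size_t)ext_len;
        remaining -= ext_len;                   /* cannot wrap after the check */
    }
    *upper_len = remaining;
    return 0;
}

int main(void) {
    /* Constructed sample: payload length 4, then an 8-byte hop-by-hop header. */
    uint8_t pkt[48] = {0};
    uint64_t upper = 0;
    pkt[0] = 0x60; pkt[5] = 4; pkt[6] = 0; pkt[40] = 59;
    printf("unchecked: %#llx\n", (unsigned long long)remaining_unchecked(4, 8));
    printf("checked:   %d\n", ipv6_walk_checked(pkt, sizeof pkt, &upper));
    return 0;
}
```

The invariant that keeps every read in bounds is `off + remaining <= caplen`, which holds because the declared payload length is checked against the buffer once and both values then move by the same `ext_len`.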
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.