CVE-2024-7248 is a local privilege escalation vulnerability identified in Comodo Internet Security Pro version 12.2.4.8032. The root cause is a CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) vulnerability within the software's update mechanism. Specifically, the update process fails to properly validate user-supplied file paths before performing file operations, enabling a path traversal attack. An attacker who has already gained the ability to execute code with low privileges on the affected system can exploit this flaw to manipulate file paths and escalate their privileges to SYSTEM level. This allows execution of arbitrary code with the highest system privileges, compromising the confidentiality, integrity, and availability of the system. The vulnerability does not require user interaction but does require local access with some code execution capability. The CVSS v3.0 base score is 7.8, reflecting high severity due to the potential for complete system compromise. Although no public exploits are currently known, the vulnerability was assigned and published by the Zero Day Initiative (ZDI) under ZDI-CAN-19055. No patches have been linked yet, so mitigation currently relies on access controls and monitoring.

If exploited, this vulnerability allows an attacker with limited local access to escalate their privileges to SYSTEM level, effectively gaining full control over the affected machine. This can lead to unauthorized access to sensitive data, installation of persistent malware, disabling of security controls, and disruption of system availability. Organizations relying on Comodo Internet Security Pro for endpoint protection may find their defenses bypassed, increasing risk of further compromise. The impact is particularly severe in environments where multiple users share systems or where attackers can gain initial foothold through other means such as phishing or software vulnerabilities. The ability to execute arbitrary code as SYSTEM can facilitate lateral movement, data exfiltration, and long-term persistence within enterprise networks.

Until an official patch is released, organizations should implement strict local access controls to limit the ability of unprivileged users to execute code on systems running Comodo Internet Security Pro 12.2.4.8032. Employ application whitelisting and endpoint detection and response (EDR) tools to monitor for suspicious file operations and privilege escalation attempts. Restrict update mechanisms to trusted administrators and consider temporarily disabling automatic updates if feasible. Conduct regular audits of user permissions and running processes to detect anomalies. Once a patch is available, prioritize immediate deployment across all affected systems. Additionally, educate users about the risks of executing untrusted code locally and maintain comprehensive logging to facilitate incident response.