CVE-2024-7250 is a local privilege escalation vulnerability affecting Comodo Internet Security Pro version 12.2.4.8032. The root cause is improper link resolution before file access in the cmdagent executable, categorized under CWE-59 (Improper Link Resolution Before File Access, also known as 'Link Following'). The vulnerability allows a local attacker who already has the ability to execute low-privileged code on the system to create symbolic links that trick the cmdagent process into deleting arbitrary files. By abusing this behavior, the attacker can escalate privileges from a limited user context to SYSTEM level, enabling execution of arbitrary code with the highest privileges on the affected system. The attack does not require user interaction but does require local access and prior code execution capability. The CVSS v3.0 score is 7.8 (high), reflecting the significant impact on confidentiality, integrity, and availability, combined with relatively low attack complexity and privileges required. No patches or exploits are currently publicly available, but the vulnerability has been disclosed and assigned a CVE and ZDI identifier (ZDI-CAN-22829).

The primary impact of this vulnerability is local privilege escalation, which can lead to full system compromise. An attacker who has already gained limited access to a system (e.g., through phishing, malware, or other means) can leverage this flaw to elevate their privileges to SYSTEM, bypassing security controls and gaining unrestricted access. This can result in unauthorized disclosure of sensitive information, modification or deletion of critical system files, installation of persistent malware, and disruption of system availability. Organizations relying on Comodo Internet Security Pro for endpoint protection may find their defenses bypassed if this vulnerability is exploited. The risk is particularly acute in environments with multiple users or where attackers can gain initial footholds, such as enterprise networks, managed service providers, and critical infrastructure systems.

1. Monitor Comodo's official channels for patches addressing CVE-2024-7250 and apply updates promptly once available. 2. Until a patch is released, restrict local user permissions to the minimum necessary to reduce the risk of low-privileged code execution. 3. Implement application whitelisting and endpoint detection and response (EDR) solutions to detect suspicious symbolic link creation or unauthorized file deletions by cmdagent or related processes. 4. Enforce strict access controls on systems running Comodo Internet Security Pro, limiting local access to trusted users only. 5. Conduct regular audits of system logs for unusual activity related to cmdagent or symbolic link manipulations. 6. Educate users on phishing and malware risks to prevent initial compromise that could lead to exploitation of this vulnerability. 7. Consider temporary disabling or isolating the vulnerable component if feasible and if the risk of exploitation outweighs the protection benefits until a patch is available.