Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls.
Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Due to the improper use of a cyclic redundancy check, rather than a cryptographic hash function in developing module checksums, an attacker can trivially insert a malicious control with the same CRC as a trusted component.
Comodo Firewall Pro 18.104.22.168 and 22.214.171.124 and Comodo Personal Firewall 126.96.36.199 are vulnerable; other versions may also be affected.