Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path
Description
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <=52.15.25.663
Patches
Vulnerability mechanics
Root cause
"Unquoted service path in the DragonUpdater service binary path allows Windows to interpret a space-containing path as multiple arguments, enabling a local attacker to hijack execution."
Attack vector
The DragonUpdater service is configured with an unquoted binary path: `C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe` [ref_id=1]. Because the path contains spaces and is not enclosed in quotes, Windows will resolve it by searching for executables named `C:\Program.exe`, `C:\Program Files.exe`, etc., before reaching the real target. A local attacker with low privileges can place a malicious executable named `Program.exe` or `Files.exe` in a location that appears earlier in the search order (e.g., `C:\`). When the service is restarted or the system is rebooted, the planted executable runs with SYSTEM privileges [ref_id=1].
What the fix does
The vendor fixed the issue in version 52.15.25.664 [ref_id=1]. The fix likely involves quoting the service binary path so that Windows treats the entire string as a single path rather than splitting it on spaces. Without a published patch, the exact change is not visible, but the standard remediation for an unquoted service path is to wrap the path in double quotes, e.g., `"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"`.
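An added example (not code from the advisory or the vendor): a Python audit helper that takes a service ImagePath string, reports whether it is unquoted with spaces, and returns the earlier paths Windows would try, the directories whose write permissions to review, and the quoted form. The `.exe` boundary heuristic, the function names, and the two non-Comodo sample services are assumptions constructed for illustration.

```python
import ntpath
import re

# Sample ImagePath values. Only DragonUpdater's path is from the advisory;
# the other two are constructed for comparison.
SAMPLES = {
    "DragonUpdater": r"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for an ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        end = len(s) if end == -1 else end  # tolerate a missing closing quote
        return s[1:end], s[end + 1:].strip(), True
    m = EXE_RE.match(s)
    exe = m.group(1) if m else s
    return exe, s[len(exe):].strip(), False


def earlier_candidates(exe):
    """Paths tried before the real binary: each prefix up to a space, plus .exe."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(image_path):
    """Classify one ImagePath and build its quoted replacement."""
    exe, args, quoted = split_image_path(image_path)
    cands = [] if quoted else earlier_candidates(exe)
    return {
        "vulnerable": bool(cands),
        "candidates": cands,
        # Directories where a non-admin write ACL would make the flaw reachable.
        "dirs_to_check": sorted({ntpath.dirname(c) for c in cands}),
        "quoted_form": f'"{exe}"' + (f" {args}" if args else ""),
    }


if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(name, audit(path))
```

On a live host the input strings would come from each service's ImagePath value under `HKLM\SYSTEM\CurrentControlSet\Services`.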
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/40471 (mitre, exploit)
- www.vulncheck.com/advisories/comodo-dragon-browser-privilege-escalation-via-unquoted-service-path (mitre, third-party-advisory)
- yildirimyunus.com (mitre, product)
- www.comodo.com (mitre, product)
- www.comodo.com/home/browsers-toolbars/browser.php (mitre, product)