• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Webroot Software Desktop Firewall Multiple Local Vulnerabilities

Webroot Software Desktop Firewall is susceptible to multiple local vulnerabilities.

The first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

Local attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall's list of allowed applications.

The second issue is an authentication bypass vulnerability. This issue is due to a failure of the firewall to properly enforce built-in password protection, allowing local attackers to disable the firewall.

Local attackers may exploit the second issue to disable the firewall, aiding them in further attacks.

These issues may only be exploited by local attackers with privileges allowing them to utilize 'DeviceIoControl()' to send commands to the firewall driver.

These issues are reported to exist in version 1.3.0.43. Other versions may also be affected.