Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
The wrURL.Dll module included in the Web Shield component does not perform proper verification of unusual or exceptional conditions during data processing. The lack of appropriate controls allows an attacker to supply specially crafted input data that leads to unexpected module behavior. As a result, it is possible to exploit (Functionality Misuse) the product's own protective mechanisms in a manner inconsistent with the intended purpose.
A remote unauthenticated attacker can gain full control over system confidentiality, integrity, and availability (CVSS C:H/I:H/A:H), which in practice may result in unauthorized access to data, data modification, or unavailability of services protected by Web Shield.
Update Webroot SecureAnywhere Web Shield to version 2.1.2.3 or later. Detailed instructions are available in the official vendor knowledge base at the address indicated in the references.
Webroot SecureAnywhere Web Shield — versions prior to 2.1.2.3 on Windows platforms (32-bit, 64-bit, ARM) — wrURL.Dll modules
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWebroot Secureanywhere Web Shield
APPWebroot< 2.1.2.3
Related vulnerabilities
Type Confusion w Webroot SecureAnywhere Web Shield umożliwia nadużycie funkcjonalności
Type Confusion w Webroot SecureAnywhere Web Shield – RCE bez autoryzacji
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulner...
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightC...
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory a...