CRITICAL🇵🇱 Wersja polska

CVE-2024-7825

CVSS 9.8v3.1pub. 2024-10-03upd. 2024-10-30

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of data types in the wrUrl.Dll library that is part of the Web Shield module. An attacker can provide data that is interpreted by the component as a different type than what it actually represents (Type Confusion). This leads to a state in which the application logic performs operations on resources in a manner inconsistent with their actual type, resulting in unexpected behavior and the possibility of functionality misuse. The vulnerability is remotely exploitable and requires no privileges or user interaction.

Impact

An attacker can gain unauthorized access to sensitive data, modify data or system resources, and cause system unavailability — corresponding to a full high-level CIA triad (confidentiality, integrity, availability).

Mitigation & patch

Webroot SecureAnywhere Web Shield must be updated to version 2.1.2.3 or later. Patch details are available in the vendor's references at: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275

Who is affected

Webroot SecureAnywhere Web Shield on Windows platform (ARM, 64-bit, 32-bit architectures) — all versions prior to 2.1.2.3 (wrUrl.Dll module).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webroot Secureanywhere Web Shield

    APP
    Webroot
    < 2.1.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-7824CRITICAL9.8PL ✓ten sam produkt

Type Confusion w Webroot SecureAnywhere Web Shield umożliwia nadużycie funkcjonalności

CVE-2024-7826CRITICAL9.8PL ✓ten sam produkt

Webroot SecureAnywhere Web Shield — błędna obsługa wyjątków umożliwia nadużycie funkcjonalności

CVE-2020-5754CRITICAL9.1ten sam vendor

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulner...

CVE-2018-4012CRITICAL9.0ten sam vendor

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightC...

CVE-2020-5755HIGH7.8ten sam vendor

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory a...