Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
The vulnerability results from improper handling of data types in the wrUrl.Dll library that is part of the Web Shield module. An attacker can provide data that is interpreted by the component as a different type than what it actually represents (Type Confusion). This leads to a state in which the application logic performs operations on resources in a manner inconsistent with their actual type, resulting in unexpected behavior and the possibility of functionality misuse. The vulnerability is remotely exploitable and requires no privileges or user interaction.
An attacker can gain unauthorized access to sensitive data, modify data or system resources, and cause system unavailability — corresponding to a full high-level CIA triad (confidentiality, integrity, availability).
Webroot SecureAnywhere Web Shield must be updated to version 2.1.2.3 or later. Patch details are available in the vendor's references at: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275
Webroot SecureAnywhere Web Shield on Windows platform (ARM, 64-bit, 32-bit architectures) — all versions prior to 2.1.2.3 (wrUrl.Dll module).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWebroot Secureanywhere Web Shield
APPWebroot< 2.1.2.3
Related vulnerabilities
Type Confusion w Webroot SecureAnywhere Web Shield umożliwia nadużycie funkcjonalności
Webroot SecureAnywhere Web Shield — błędna obsługa wyjątków umożliwia nadużycie funkcjonalności
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulner...
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightC...
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory a...