CRITICAL🇵🇱 Wersja polska

CVE-2024-7826

CVSS 9.8v3.1pub. 2024-10-03upd. 2024-10-30

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

🤖 AI Analysis
How it works

The wrURL.Dll module included in the Web Shield component does not perform proper verification of unusual or exceptional conditions during data processing. The lack of appropriate controls allows an attacker to supply specially crafted input data that leads to unexpected module behavior. As a result, it is possible to exploit (Functionality Misuse) the product's own protective mechanisms in a manner inconsistent with the intended purpose.

Impact

A remote unauthenticated attacker can gain full control over system confidentiality, integrity, and availability (CVSS C:H/I:H/A:H), which in practice may result in unauthorized access to data, data modification, or unavailability of services protected by Web Shield.

Mitigation & patch

Update Webroot SecureAnywhere Web Shield to version 2.1.2.3 or later. Detailed instructions are available in the official vendor knowledge base at the address indicated in the references.

Who is affected

Webroot SecureAnywhere Web Shield — versions prior to 2.1.2.3 on Windows platforms (32-bit, 64-bit, ARM) — wrURL.Dll modules

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webroot Secureanywhere Web Shield

    APP
    Webroot
    < 2.1.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-7824CRITICAL9.8PL ✓ten sam produkt

Type Confusion w Webroot SecureAnywhere Web Shield umożliwia nadużycie funkcjonalności

CVE-2024-7825CRITICAL9.8PL ✓ten sam produkt

Type Confusion w Webroot SecureAnywhere Web Shield – RCE bez autoryzacji

CVE-2020-5754CRITICAL9.1ten sam vendor

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulner...

CVE-2018-4012CRITICAL9.0ten sam vendor

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightC...

CVE-2020-5755HIGH7.8ten sam vendor

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory a...