From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 10 Oct 2005 13:44:47 +0200
Subject: [NT] Webroot Desktop Firewall Two Vulnerabilities
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20051010122340.1AFE058CF@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Webroot Desktop Firewall Two Vulnerabilities
------------------------------------------------------------------------
SUMMARY
<http://www.webroot.com/consumer/products/desktopfirewall/>; Webroot
Desktop Firewall "secures your computer from Internet threats and reduces
the risks of being a victim of online crimes".
Secunia Research has discovered two vulnerabilities in Webroot Desktop
Firewall, which can be exploited by malicious, local users to gain
escalated privileges or bypass certain security restrictions.
DETAILS
Vulnerable Systems:
* Webroot Desktop Firewall version 1.3.0 build 43
Immune Systems:
* Webroot Desktop Firewall version 1.3.0 build 52
1) A boundary error in PWIWrapper.dll when deleting a program from the
list of "allowed" programs can cause a buffer overflow in
FirewallNTService.exe. This can be exploited by sending a specially
crafted application chain to the firewall driver via a DeviceIoControl()
command, and then removing an "allowed" program from the firewall GUI.
Successful exploitation allows non-privileged users to execute arbitrary
code with SYSTEM privileges, but requires the the ability
to add and remove programs from the firewall's permitted application list.
2) It is possible for non-privileged users to disable the firewall even
when password protection has been enabled, by sending specific
DeviceIoControl() commands to the firewall driver.
ADDITIONAL INFORMATION
The information has been provided by <mailto:vuln@secunia.com.> Secunia
Research.
The original article can be found at:
<http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332>;
http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
