VAR-200510-0180

Vulnerability from variot - Updated: 2023-12-18 13:49

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list. Webroot Software Desktop Firewall is susceptible to multiple local vulnerabilities.

The first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. Local attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall's list of allowed applications.

The second issue is an authentication bypass vulnerability. This issue is due to a failure of the firewall to properly enforce built-in password protection, allowing local attackers to disable the firewall. Local attackers may exploit the second issue to disable the firewall, aiding them in further attacks.

These issues may only be exploited by local attackers with privileges allowing them to utilize 'DeviceIoControl()' to send commands to the firewall driver. These issues are reported to exist in version 1.3.0.43. Other versions may also be affected.

SOLUTION: Update to version 1.3.0 build 52.

PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY: Webroot: http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332

Secunia Research: http://secunia.com/secunia_research/2005-10/advisory/



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0180",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "desktop firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "webroot",
        "version": "1.3.0.43"
      },
      {
        "model": "software desktop firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webroot",
        "version": "1.3.0.43"
      },
      {
        "model": "software desktop firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "webroot",
        "version": "1.3.0.52"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webroot_software:desktop_firewall:1.3.0.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tan Chew Keong of Secunia Research is credited with the discovery of these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-3197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-14406",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3197",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200510-088",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14406",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list. Webroot Software Desktop Firewall is susceptible to multiple local vulnerabilities. \nThe first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. \nLocal attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall\u0027s list of allowed applications. \nThe second issue is an authentication bypass vulnerability. This issue is due to a failure of the firewall to properly enforce built-in password protection, allowing local attackers to disable the firewall. \nLocal attackers may exploit the second issue to disable the firewall, aiding them in further attacks. \nThese issues may only be exploited by local attackers with privileges allowing them to utilize \u0027DeviceIoControl()\u0027 to send commands to the firewall driver. \nThese issues are reported to exist in version 1.3.0.43. Other versions may also be affected. \n\nSOLUTION:\nUpdate to version 1.3.0 build 52. \n\nPROVIDED AND/OR DISCOVERED BY:\nTan Chew Keong, Secunia Research. \n\nORIGINAL ADVISORY:\nWebroot:\nhttp://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2005-10/advisory/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15016",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "15745",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-1973",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015012",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "19868",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20051006 SECUNIA RESEARCH: WEBROOT DESKTOP FIREWALL TWO VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "22529",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-14406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40466",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "id": "VAR-200510-0180",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:49:55.283000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.webroot.com/ics/support/kbanswer.asp?questionid=2332"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/secunia_research/2005-10/advisory/"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/15745/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/15016"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0129.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/19868"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015012"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2005/1973"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22529"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/22529"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/1973"
      },
      {
        "trust": 0.3,
        "url": "http://www.webroot.com/consumer/products/desktopfirewall/"
      },
      {
        "trust": 0.3,
        "url": "http://support.webroot.com/ics/support/default.asp?deptid=776"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5805/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15016"
      },
      {
        "date": "2005-10-06T16:36:36",
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "date": "2005-10-14T10:02:00",
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "date": "2005-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14406"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15016"
      },
      {
        "date": "2017-07-11T01:33:07.487000",
        "db": "NVD",
        "id": "CVE-2005-3197"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Webroot Software Desktop Firewall Multiple Local Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-088"
      }
    ],
    "trust": 0.6
  }
}

