Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Webroot Desktop Firewall Two Vulnerabilities

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Webroot Desktop Firewall Two Vulnerabilities
Date: 10 Oct 2005 13:44:47 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Webroot Desktop Firewall Two Vulnerabilities
------------------------------------------------------------------------


SUMMARY

 <http://www.webroot.com/consumer/products/desktopfirewall/> Webroot 
Desktop Firewall "secures your computer from Internet threats and reduces 
the risks of being a victim of online crimes".

Secunia Research has discovered two vulnerabilities in Webroot Desktop 
Firewall, which can be exploited by malicious, local users to gain 
escalated privileges or bypass certain security restrictions.

DETAILS

Vulnerable Systems:
 * Webroot Desktop Firewall version 1.3.0 build 43

Immune Systems:
 * Webroot Desktop Firewall version 1.3.0 build 52

1) A boundary error in PWIWrapper.dll when deleting a program from the 
list of "allowed" programs can cause a buffer overflow in
FirewallNTService.exe. This can be exploited by sending a specially 
crafted application chain to the firewall driver via a DeviceIoControl() 
command, and then removing an "allowed" program from the firewall GUI.

Successful exploitation allows non-privileged users to execute arbitrary 
code with SYSTEM privileges, but requires the the ability
to add and remove programs from the firewall's permitted application list.

2) It is possible for non-privileged users to disable the firewall even 
when password protection has been enabled, by sending specific 
DeviceIoControl() commands to the firewall driver.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:vuln@secunia.com> Secunia 
Research.
The original article can be found at:  
<http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332> 
http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Webroot Desktop Firewall Two Vulnerabilities, SecuriTeam <=
Previous by Date:  [NT] HAURI Anti-Virus ALZ Archive Handling Buffer Overflow, SecuriTeam
Next by Date:  [UNIX] Shorewall MACLIST Security Vulnerability, SecuriTeam
Previous by Thread:  [NT] HAURI Anti-Virus ALZ Archive Handling Buffer Overflow, SecuriTeam
Next by Thread:  [UNIX] Shorewall MACLIST Security Vulnerability, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]