Webroot: >> Endpoint Agents Security Vulnerabilities
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.
CVSS Score
9.1
EPSS Score
0.008
Published
2020-06-15
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-06-15