Advisories

Vulnerability in Webroot Antivirus (CVE-2023-7241)

Webroot Antivirus is an antivirus software. The vulnerability existed in both the end user product and the enterprise product.

Local privilege escalation vulnerability in Webroot Antivirus

The fixed vulnerability allowed an attacker to escalate his privileges to SYSTEM on a system that the attacker already had access to.

This was possible by using COM-Hijacking to execute code in the context of a trusted front-end process. The trust between the front end and the back end was then abused for an arbitrary file delete, which allowed the execution of code as SYSTEM.

We want to thank OpenText for their exemplary reaction to the vulnerability report.

CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2023-7241

Affected Versions
Webroot Antivirus 8.0.1X- 9.0.35.12

Fixed Version
9.0.35.17

References
https://answers.webroot.com/Webroot/ukp.aspx?&app=vw&vw=1&login=1&solutionid=4258

Credits
Kolja Grassmann (cirosec GmbH) and Alain Rödel (Neodyme)

Timeline

2023-12-04

Vendor was contacted and informed about the vulnerability

2023-12-05

Initial response from vendor

2024-02-02

Manufacturer informed us that there is a fix available for testing

2024-02-26

Confirmed to the vendor that the exploit was no longer possible

2024-05-01

Vendor released advisory

Do you want to protect your systems? Get in touch with us.

Competent IT security consulting, pentests, incident response and training

Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany