CVE-2020-5755

Name of the Vulnerable Software and Affected Versions Webroot endpoint agents versions prior to v9.0.28.48

Description The issue allows attackers to trigger a crash or wait for the Webroot service restart to rewrite and hijack dlls in the "%PROGRAMDATA%WrDataPKG" directory for privilege escalation, due to the directory not being protected against renaming.

Recommendations For versions prior to v9.0.28.48, update to version v9.0.28.48 or later to resolve the issue. As a temporary workaround, consider restricting access to the "%PROGRAMDATA%WrDataPKG" directory to minimize the risk of exploitation.