CVE-2021-40425

Name of the Vulnerable Software and Affected Versions Webroot Secure Anywhere version 21.4

Description An out-of-bounds read issue exists in the IOCTL GetProcessCommand and B 03 of Webroot Secure Anywhere. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this issue. Specifically, an IOCTL B03 request with specific invalid data causes a similar issue in the device driver WRCore x64.

Recommendations For Webroot Secure Anywhere version 21.4, consider restricting access to the IOCTL GetProcessCommand and B 03 until a patch is available. As a temporary workaround, avoid issuing IOCTL B03 requests with invalid data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.