[原文]Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.
A local overflow exists in Webroot Desktop Firewall. The 'PWIWrapper.dll' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.
Upgrade to version 1.3.0 build 52 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.