CVE-2021-28130

Severity CVSS v4.0:
Pending analysis
Type:
CWE-427 Uncontrolled Search Path Element
Publication date:
24/09/2021
Last modified:
06/10/2021

Description

Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:drweb:security_space:12.5.2.4160:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*