Webroot endpoint agents prior to version v9.0.28.48 did not protect the «%PROGRAMDATA%WrDataPKG» directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
