Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0538

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2009-0538
Last Modified 01 Apr 2009 01:42:38
Published 18 Mar 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0538

Summary

Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).

Vulnerable Systems

Application

  • Symantec Pcanywhere 10.0

  • Symantec Pcanywhere 10.5

  • Symantec Pcanywhere 11.0

  • Symantec Pcanywhere 11.0.1

  • Symantec Pcanywhere 11.5

  • Symantec Pcanywhere 11.5.1

  • Symantec Pcanywhere 12.0

  • Symantec Pcanywhere 12.1

  • Symantec Pcanywhere 12.5


References

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html

XF - symantec-pcanywhere-unspecified-dos(49291)

VUPEN - ADV-2009-0755

BID - 33845

BUGTRAQ - 20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5

MISC - http://www.layereddefense.com/pcanywhere17mar.html

SECTRACK - 1021855

SECUNIA - 34305

OSVDB - 52797


Last Updated: 27 May 2016 10:50:17