Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3478

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3478
Last Modified 06 Feb 2012 12:00:00
Published 25 Jan 2012 10:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3478

Summary

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Vulnerable Systems

Application

  • Symantec Pcanywhere 12.5

  • Symantec Pcanywhere 12.5.539

  • Symantec Pcanywhere 12.6.65

  • Symantec Pcanywhere 12.6.7580


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

BID - 51592


Last Updated: 27 May 2016 10:57:23