Written by kyak
Tuesday, 17 March 2009 21:53
Symantec pcAnywhere Local Format String Vulnerability
Mar 17 2009 12:00AM
Mar 17 2009 03:26PM
Deral Heiland from Layered Defense
Symantec pcAnywhere 12.5
Symantec pcAnywhere 12.1
Symantec pcAnywhere 12.0
Symantec pcAnywhere 12.5 SP1
Symantec pcAnywhere is prone to a local format-string vulnerability.
A local attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the application, but this has not been confirmed.
pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.
Attackers can use readily available command-line tools to exploit this issue.
The vendor has released updates. Please contact the vendor for details.
--SYM09-003 Symantec pcAnywhere Format String Denial of Service