Symantec pcAnywhere Host Services Login Overflow
Added: 02/13/2012CVE: CVE-2011-3478
BID: 51592
OSVDB: 78532
Background
Symantec pcAnywhere is a suite of remote connectivity applications that allow users of a system to access their system remotely.Problem
A stack overflow exist in the pcAnywhere Host Service when parsing login names. An attacker can send a malicious login to trigger this vulnerability, which may result in arbitrary code execution.Resolution
Symantec has suggested that customers stop using pcAnywhere, as they are no longer supporting the product.References
http://www.frequentbusinesstraveler.com/2012/01/symantec-to-users-stop-using-pcanywhere/Limitations
This exploit has been tested against Symantec pcAnywhere 12.5.0.442 on Windows XP SP3 English (DEP OptIn) with KB957579 and KB2483185.Platforms
WindowsBack to exploit index