10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.953 High
EPSS
Percentile
99.2%
Added: 02/13/2012
CVE: CVE-2011-3478
BID: 51592
OSVDB: 78532
Symantec pcAnywhere is a suite of remote connectivity applications that allow users of a system to access their system remotely.
A stack overflow exist in the pcAnywhere Host Service when parsing login names. An attacker can send a malicious login to trigger this vulnerability, which may result in arbitrary code execution.
Symantec has suggested that customers stop using pcAnywhere, as they are no longer supporting the product.
<http://www.frequentbusinesstraveler.com/2012/01/symantec-to-users-stop-using-pcanywhere/>
This exploit has been tested against Symantec pcAnywhere 12.5.0.442 on Windows XP SP3 English (DEP OptIn) with KB957579 and KB2483185.
Windows