Vulnerabilities > Symantec > Pcanywhere > 11.0

DATE CVE VULNERABILITY TITLE RISK
2012-03-08 CVE-2012-0292 Improper Input Validation vulnerability in Symantec products
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
network
low complexity
symantec CWE-20
5.0
2012-02-22 CVE-2012-0291 Improper Input Validation vulnerability in Symantec products
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.
network
low complexity
symantec CWE-20
5.0
2012-02-06 CVE-2012-0290 Unspecified vulnerability in Symantec products
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
network
low complexity
symantec
critical
10.0
2009-03-18 CVE-2009-0538 USE of Externally-Controlled Format String vulnerability in Symantec Pcanywhere
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
local
low complexity
symantec CWE-134
4.6
2005-12-01 CVE-2005-3934 Denial of Service vulnerability in pcAnywhere Authentication
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
network
low complexity
symantec
7.8
2005-06-16 CVE-2005-1970 Local Privileged Command Execution vulnerability in Symantec PCAnywhere
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
local
low complexity
symantec
7.2
2003-12-15 CVE-2003-0936 Unspecified vulnerability in Symantec Pcanywhere 10.0/10.5/11.0
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
local
low complexity
symantec
7.2