Local Privilege Escalation in Symantec pcAnywhere 12.5
CVE-2006-3784

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 24 July 2006

Summary

Symantec pcAnywhere 12.5 contains a vulnerability due to inadequate permissions for the 'Symantec\pcAnywhere\Hosts' directory. This misconfiguration allows local users to escalate their privileges by placing a specially crafted superuser .cif file within the folder. Once the file is in place, the user can exploit this flaw by logging into pcAnywhere as a local administrator, potentially compromising system integrity and exposing sensitive information.

References

http://secunia.com/advisories/21113

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/2874

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/440448/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 24, 2006
Vulnerability Reserved
Jul 21, 2006