Local Privilege Escalation in Symantec pcAnywhere 12.5
CVE-2006-3785

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 24 July 2006

What is CVE-2006-3785?

Symantec pcAnywhere 12.5 contains a vulnerability where passwords are visually obfuscated in the user interface but remain unencrypted in the associated .cif (CallerID) file. This design flaw allows local users to extract these passwords using various software tools such as Nirsoft Asterwin. Attackers with local access to the system can exploit this oversight to gain unauthorized access to sensitive information.

References

http://www.securityfocus.com/archive/1/440448/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.digitalbullets.org/?p=3

x_refsource_MISC

http://securityreason.com/securityalert/1261

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2006
Vulnerability Reserved
Jul 21, 2006