Local Privilege Escalation in Symantec pcAnywhere 12.5
CVE-2006-3786

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 24 July 2006

What is CVE-2006-3786?

Symantec pcAnywhere 12.5 has a vulnerability that stems from inadequate integrity protection for .cif files. This flaw enables local users to craft a malicious .cif file, which can be exploited to alter the superuser flag. This means that an attacker with local access can gain elevated privileges, compromising the security of the system.

References

http://securitytracker.com/id?1016534

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/440448/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.digitalbullets.org/?p=3

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2006
Vulnerability Reserved
Jul 21, 2006