Format String Vulnerability in Symantec pcAnywhere
CVE-2009-0538

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 18 March 2009

Summary

A format string vulnerability exists in Symantec pcAnywhere prior to version 12.5 SP1, allowing local users to craft input that can read and modify arbitrary memory locations. This issue can lead to severe consequences such as application crashes or other undefined behaviors. The vulnerability is triggered through specific format string specifiers present in the pathname of a remote control file (.CHF file), allowing for unauthorized access and potential disruption of the service.

References

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/33845

vdb-entryx_refsource_BID

http://secunia.com/advisories/34305

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 18, 2009
Vulnerability Reserved
Feb 12, 2009