Remote Session Handling Flaw in Symantec pcAnywhere and Altiris Solutions
CVE-2012-0290

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 6 February 2012

What is CVE-2012-0290?

A vulnerability in Symantec pcAnywhere and various Altiris solutions allows attackers to exploit a failure in handling the client state following an abnormal session termination. This oversight can enable unauthorized remote access, permitting adversaries to take control of the client system by leveraging an existing, unclosed client session. Effective security measures are crucial to mitigate potential exploits arising from this flaw.

References

http://www.securityfocus.com/bid/51862

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/72996

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2012
Vulnerability Reserved
Jan 4, 2012