Threat Center Security News PcAnywhere may cause denial of service
PcAnywhere may cause denial of service Print E-mail
Written by Rebecca Mints   
Thursday, 19 March 2009 01:16

A new vulnerability has been discovered in Symantec PcAnywhere version 10 up to 12.1 related to its format strings within .chf remote control file names or associated file path.

Reported to the vendor by Deral Heiland, the hole has been categorized by Symantec as low but still advises PcAnywhere 10 users to upgrade to version 12.5 SP 1.

The vulnerability is triggered when the local format strings that had been specially crafted are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file. This will allow attackers to read/write arbitrary memory and cause a denial of service condition.

The security organization Layered Defense announced in its latest research advisory on March 17 that Symantec has already published a fix in PcAnywhere.. The vulnerability was actually discovered as early as January and Symantec immediately acknowledge the hole. However, it was only three months after that Symantec had been able to issue a patch.

 

WTW Threat Level