Symantec pcAnywhere Session Closure Access Violation Vulnerability
BID:51862
Info
Symantec pcAnywhere Session Closure Access Violation Vulnerability
| Bugtraq ID: | 51862 |
| Class: | Access Validation Error |
| CVE: |
CVE-2012-0290 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2012 12:00AM |
| Updated: | Apr 09 2012 10:00PM |
| Credit: | Vendor |
| Vulnerable: |
Symantec pcAnywhere Solution 12.6 Symantec pcAnywhere Solution 12.5 Symantec pcAnywhere 11.5.1 Symantec pcAnywhere 11.5 Symantec pcAnywhere 11.0.1 Symantec pcAnywhere 11.0 Symantec pcAnywhere 10.5 Symantec pcAnywhere 10.0 Symantec pcAnywhere 12.5 SP3 Symantec pcAnywhere 12.5 SP1 Symantec pcAnywhere 12.5 Symantec pcAnywhere 12.1 Symantec pcAnywhere 12.0 |
| Not Vulnerable: |
Symantec pcAnywhere Solution 12.6.7 Symantec pcAnywhere 12.5 SP4 |
Discussion
Symantec pcAnywhere Session Closure Access Violation Vulnerability
Symantec pcAnywhere is prone to a vulnerability that may allow an attacker to connect to a valid client session.
The problem occurs when the client handles certain unexpected input from the server. This can cause the server connection to drop, but leaving the client session open. A man-in-the-middle attacker may be able to exploit this condition to connect to the client session. This may aid in further attacks.
Symantec pcAnywhere is prone to a vulnerability that may allow an attacker to connect to a valid client session.
The problem occurs when the client handles certain unexpected input from the server. This can cause the server connection to drop, but leaving the client session open. A man-in-the-middle attacker may be able to exploit this condition to connect to the client session. This may aid in further attacks.
References
Symantec pcAnywhere Session Closure Access Violation Vulnerability
References:
References: