Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability

Bugtraq ID:	51965
Class:	Access Validation Error
CVE:	CVE-2012-0291
Remote:	Yes
Local:	No
Published:	Feb 10 2012 12:00AM
Updated:	Feb 10 2012 12:00AM
Credit:	Vendor
Vulnerable:	Symantec pcAnywhere Solution 12.6 + Symantec Altiris Client Management Suite 7 + Symantec Altiris Deployment Solution 7.1 + Symantec IT Management Suite 7.1 + Symantec IT Management Suite 7.0 Symantec pcAnywhere Solution 12.5 + Symantec Altiris Client Management Suite 7 + Symantec Altiris Deployment Solution 7.1 + Symantec IT Management Suite 7.1 + Symantec IT Management Suite 7.0 Symantec pcAnywhere 11.5.1 Symantec pcAnywhere 11.5 Symantec pcAnywhere 11.0.1 Symantec pcAnywhere 11.0 Symantec pcAnywhere 10.5 Symantec pcAnywhere 10.0 Symantec pcAnywhere 12.5 SP3 Symantec pcAnywhere 12.5 SP2 Symantec pcAnywhere 12.5 SP1 Symantec pcAnywhere 12.5 Symantec pcAnywhere 12.1 Symantec pcAnywhere 12.0
Not Vulnerable:

Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability

Symantec pcAnywhere is prone to a denial-of-service vulnerability.

The problem occurs when the client or server handles certain unexpected input. This can cause the application to become unstable and crash, effectively denying service.

Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability

Solution:
Vendor updates are available. Please see the referenced vendor advisory for more information.

Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability

References:

• pcAnywhere Homepage (Symantec)
  
• SYM12-002 Security Advisories Relating to Symantec Products - Symantec pcAnywher (Symantec)