|
|
|
|
| |
Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0290
The original article can be found at: http://www.securityfocus.com/bid/51862
|
| |
Vulnerable Systems:
* Symantec pcAnywhere through 12.5.3,
* Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x)
* Altiris IT Management Suite pcAnywhere Solution7.1 (aka 12.6.x),
* Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x)
* Altiris Client Management Suite pcAnywhere Solution7.1 (aka 12.6.x),
* Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x)
Symantec pcAnywhere is prone to a vulnerability that may allow an attacker to connect to a valid client session. The problem occurs when the client handles certain unexpected input from the server. This can cause the server connection to drop, but leaving the client session open. A man-in-the-middle attacker may be able to exploit this condition to connect to the client session. This may aid in further attacks.
Vendor Status:
Symantec as issued an update for this vulnerablity
Patch Availability:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
CVE Information:
CVE-2012-0290
|
|
|
|
|
