[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0538

Date: (C)2009-03-18   (M)2017-08-08
 
CVSS Score: 4.6Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).

Reference:
SECTRACK-1021855
http://www.securityfocus.com/archive/1/archive/1/501930/100/0/threaded
BID-33845
SECUNIA-34305
OSVDB-52797
ADV-2009-0755
http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html
http://www.layereddefense.com/pcanywhere17mar.html
symantec-pcanywhere-unspecified-dos(49291)

CPE    7
cpe:/a:symantec:pcanywhere:10.0
cpe:/a:symantec:pcanywhere:11.0.1
cpe:/a:symantec:pcanywhere:12.0
cpe:/a:symantec:pcanywhere:11.0
...
CWE    1
CWE-134

© 2013 SecPod Technologies