Description
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
References (9)
Core 9
Core References
Patch, Vendor Advisory x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34305
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1021855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49291
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/52797
Vendor Advisory x_refsource_misc
http://www.layereddefense.com/pcanywhere17mar.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33845
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0755
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501930/100/0/threaded
Scores
EPSS
0.0008
EPSS Percentile
23.2%
Details
CWE
CWE-134
Status
published
Products (9)
symantec/pcanywhere
10.0
symantec/pcanywhere
10.5
symantec/pcanywhere
11.0
symantec/pcanywhere
11.0.1
symantec/pcanywhere
11.5
symantec/pcanywhere
11.5.1
symantec/pcanywhere
12.0
symantec/pcanywhere
12.1
symantec/pcanywhere
< 12.5
Published
Mar 18, 2009
Tracked Since
Feb 18, 2026