CVE-2011-3478

Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3478. PoCs published by Tomislav Paskalev, S2 Crew.

Description

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Tomislav Paskalev · python · remote · windows_x86
https://www.exploit-db.com/exploits/38599

This exploit targets a buffer overflow vulnerability in Symantec pcAnywhere v12.5.0 (CVE-2011-3478) to achieve remote code execution. It leverages a fixed-length buffer overflow in the authentication process of awhost32.exe, allowing arbitrary code execution with SYSTEM privileges.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Symantec pcAnywhere v12.5.0 Build 442 (Trial)
No auth needed
Prerequisites: Network access to the target system on port 5631 · Target system running a vulnerable version of Symantec pcAnywhere
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by S2 Crew · python · remote · windows
https://www.exploit-db.com/exploits/19407

This exploit targets a buffer overflow vulnerability in Symantec PcAnywhere 12.5.0 by sending maliciously crafted packets to trigger a crash and potentially execute shellcode. The PoC includes a hardcoded IP address and shellcode for demonstration purposes.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Symantec PcAnywhere 12.5.0
No auth needed
Prerequisites: Network access to the target system · Symantec PcAnywhere 12.5.0 running on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/78532
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38599/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51592
Third Party Advisory x_refsource_confirm
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48092

Scores

EPSS 0.3931
EPSS Percentile 98.4%

Details

CWE: CWE-287
Status: published
Products (4)
symantec/pcanywhere 12.5 (4 CPE variants)
symantec/pcanywhere 12.5.539
symantec/pcanywhere 12.6.65 (2 CPE variants)
symantec/pcanywhere 12.6.7580
Published Jan 25, 2012
Tracked Since Feb 18, 2026