Release date:
Updated on:
Affected Systems:
Symantec pcAnywhere 12.x
Symantec pcAnywhere 11.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51862
Cve id: CVE-2012-0290
Symantec PCAnywhere is the world's best-selling remote control solution for managing servers and providing administrative support.
A security vulnerability exists in the implementation of pcAnywhere when the client processes input from some servers, which can interrupt the server connection while the client session is still enabled. Man-in-the-middle attackers can exploit this vulnerability to connect to the Client Session.
<* Source: vendor
Link: http://www.symantec.com/security_response/securityupdates/detail.jsp? Fid = security_advisory & pvid = security_advisory & year = 2012 & suid = 2012424_00
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.symantec.com/business/security_response/