CVE-2011-3478

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Published: Jan 25, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-3478
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
symantec / pcanywhere	12.5	12.5.x
symantec / pcanywhere	12.6.7580	12.6.7580.x
symantec / pcanywhere	12.6.65-sp1	12.6.65-sp1.x
symantec / pcanywhere	12.5-sp3	12.5-sp3.x
symantec / pcanywhere	12.6.65	12.6.65.x
symantec / pcanywhere	12.5-sp1	12.5-sp1.x
symantec / pcanywhere	12.5-sp2	12.5-sp2.x
symantec / pcanywhere	12.5.539	12.5.539.x

http://osvdb.org/show/osvdb/78532
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51592
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
https://www.exploit-db.com/exploits/38599/

Vulnerability Database

289,784

CVE-2011-3478