CVE-2011-3478

Related Files

Symantec PcAnywhere 12.5.0 Buffer Overflow

Posted Jun 27, 2012

Authored by S2 Crew

Symantec PcAnywhere version 12.5.0 login and password field buffer overflow exploit.

tags | exploit, overflow

advisories | CVE-2011-3478

SHA-256 | 431142dcabddee7d1d98c06b0f21e036c028f68d52e340f678ba55b852d410ad

Download | Favorite | View

Zero Day Initiative Advisory 12-018

Posted Jan 25, 2012

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

tags | advisory, remote, arbitrary, tcp

advisories | CVE-2011-3478

SHA-256 | f2e5416cfb35582eb7bb064faa5f556740901c0c7936212dbaf2cc1269cea59b

Download | Favorite | View