(LiveHacking.Com) – Symantec has released a hotfix for its pcAnywhere product to address multiple vulnerabilities. According to Symantec, pcAnywhere is susceptible to local file tampering elevation of privilege exploits and remote code execution exploits and as a results it is possible to execute arbitrary code on a targeted system as “System”.
- Symantec pcAnywhere 12.5.x
- IT Management Suite 7.0 pcAnywhere Solution 12.5.x
- IT Management Suite 7.1 pcAnywhere Solution 12.6.x
The remote code execution is the result of pcAnywhere not properly validating/filtering external data input during login and authentication via port 5631/TCP. Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.
The local file tampering vulnerability exists because some of the pcAnywhere files installed as writable by everyone and so open tampering. A local user can potentially overwrite these files with code of their choice in an attempt to leverage elevated privileges.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit it.