VID 28130
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Symantec pcAnywhere older than 11.5 is detected as installed on the host. Symantec pcAnywhere is a remote control software program for Microsoft Windows platforms. pcAnywhere versions prior to 10.5x and 11.x prior to 11.5 could allow a local attacker to gain elevated privileges. A local attacker could manipulate the "Caller Properties" feature to run arbitrary commands on the system with LocalSystem privileges when the system is restarted. Successful exploitation requires that the program has been configured to run as a service ("Launch with Windows" setting enabled).

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check will not be performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html
http://securitytracker.com/id?1014178
http://secunia.com/advisories/15673/

* Platforms Affected:
Symantec Corporation, pcAnywhere versions prior to 10.5x
Symantec Corporation, pcAnywhere versions 11.x prior to 11.5
Microsoft Windows Any version
Recommendation Upgrade to the latest version of pcAnywhere (11.5 or later), or apply the patch for this vulnerability, available from Symantec LiveUpdate, as listed in Symantec Security Response SYM05-010: http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html
Related URL CVE-2005-1970 (CVE)
Related URL 13933 (SecurityFocus)
Related URL 20969 (ISS)