Symantec: >> Pcanywhere Security Vulnerabilities
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
CVSS Score
3.6
EPSS Score
0.001
Published
2006-07-24
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
CVSS Score
7.8
EPSS Score
0.103
Published
2005-12-01
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-06-16
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
CVSS Score
7.2
EPSS Score
0.001
Published
2003-12-15
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
CVSS Score
5.0
EPSS Score
0.07
Published
2000-04-25
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
CVSS Score
5.0
EPSS Score
0.009
Published
2000-04-09
The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.
CVSS Score
10.0
EPSS Score
0.014
Published
2000-04-06
Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.
CVSS Score
5.0
EPSS Score
0.05
Published
1999-05-28
Page 2