CVE-2011-3478

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
symantecpcanywhere
12.5
symantecpcanywhere
12.5:sp1
symantecpcanywhere
12.5:sp2
symantecpcanywhere
12.5:sp3
symantecpcanywhere
12.5.539
symantecpcanywhere
12.6.65
symantecpcanywhere
12.6.65:sp1
symantecpcanywhere
12.6.7580
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/show/osvdb/78532
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51592
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
https://www.exploit-db.com/exploits/38599/
http://osvdb.org/show/osvdb/78532
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51592
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
https://www.exploit-db.com/exploits/38599/