CVE-2012-0292: Input Validation
First published: Thu Mar 08 2012(Updated: )
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec pcAnywhere | <=12.5 | |
| Symantec pcAnywhere | =10.0 | |
| Symantec pcAnywhere | =10.5 | |
| Symantec pcAnywhere | =11.0 | |
| Symantec pcAnywhere | =11.0.1 | |
| Symantec pcAnywhere | =11.5 | |
| Symantec pcAnywhere | =11.5.1 | |
| Symantec pcAnywhere | =12.0 | |
| Symantec pcAnywhere | =12.0.1 | |
| Symantec pcAnywhere | =12.0.2 | |
| Symantec pcAnywhere | =12.0.3 | |
| Symantec pcAnywhere | =12.1 | |
| Symantec pcAnywhere | =12.5 | |
| Symantec pcAnywhere | =12.5-sp1 | |
| Symantec pcAnywhere | =12.5-sp2 | |
| Symantec pcAnywhere | =12.5.3 | |
| Symantec pcAnywhere | =12.5.265 | |
| Symantec pcAnywhere | =12.5.539 | |
| Symantec Altiris Client Management Suite | =7.0 | |
| Symantec Altiris Client Management Suite | =7.1 | |
| Symantec Altiris Deployment Solution | =7.1 | |
| Symantec Altiris Client Management Suite | =7.0 | |
| Symantec Altiris Client Management Suite | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0292?
CVE-2012-0292 has a severity rating of high due to its potential exploitation leading to unauthorized access.
How do I fix CVE-2012-0292?
To fix CVE-2012-0292, users should apply the latest security patches provided by Symantec for affected versions of pcAnywhere.
Which versions are affected by CVE-2012-0292?
CVE-2012-0292 affects Symantec pcAnywhere versions up to and including 12.5.3, as well as specific versions of Altiris IT Management Suite and Client Management Suite.
What type of vulnerability is CVE-2012-0292?
CVE-2012-0292 is categorized as a local privilege escalation vulnerability.
Can CVE-2012-0292 be exploited remotely?
Yes, CVE-2012-0292 can potentially be exploited remotely under certain conditions.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec pcanywhere
- version/symantec pcanywhere/12.5
- version/symantec pcanywhere/10.0
- version/symantec pcanywhere/10.5
- version/symantec pcanywhere/11.0
- version/symantec pcanywhere/11.0.1
- version/symantec pcanywhere/11.5
- version/symantec pcanywhere/11.5.1
- version/symantec pcanywhere/12.0
- version/symantec pcanywhere/12.0.1
- version/symantec pcanywhere/12.0.2
- version/symantec pcanywhere/12.0.3
- version/symantec pcanywhere/12.1
- version/symantec pcanywhere/12.5-sp1
- version/symantec pcanywhere/12.5-sp2
- version/symantec pcanywhere/12.5.3
- version/symantec pcanywhere/12.5.265
- version/symantec pcanywhere/12.5.539
- canonical/symantec altiris client management suite
- version/symantec altiris client management suite/7.0
- version/symantec altiris client management suite/7.1
- canonical/symantec altiris deployment solution
- version/symantec altiris deployment solution/7.1