Main Vulnerability Database Exploits ID:4391 - Exploit for Permissions, Privileges, and Access Controls in pcAnywhere - CVE-2011-3479

ID:4391 - Exploit for Permissions, Privileges, and Access Controls in pcAnywhere - CVE-2011-3479

Published: August 11, 2020

Vulnerability identifier: #VU44364

Vulnerability risk: Low

CVE-ID: CVE-2011-3479

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
pcAnywhere

Link to public exploit:

https://www.exploit-db.com/exploits/18823/

Vulnerability description

The vulnerability allows a local #AU# to execute arbitrary code.

Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.

Remediation

Install update from vendor's website.

ID:4391 - Exploit for Permissions, Privileges, and Access Controls in pcAnywhere - CVE-2011-3479

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human