Symantec PCAnywhere Privilege Escalation Vulnerability

Symantec pcAnywhere can be installed as a service that listens for incoming connections from a remote administrator. Local unprivileged users have the ability to exercise some levels of control over the pcAnywhere server via the pcAnywhere icon that is visible in the systray on a Windows system.

Symantec pcAnywhere has been reported prone to a vulnerability that will allow a local unprivileged user to elevate system privileges. The issue is likely related to the vulnerability described in BID 8884. It has been reported that any local user may elevate local privileges by exploiting functionality provided by pcAnywhere help.


Privacy Statement
Copyright 2010, SecurityFocus