CVE-2009-0538Use of Externally-Controlled Format String in Pcanywhere

CWE-134Use of Externally-Controlled Format String3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 76.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Pcanywhere
Timeline
PublishedMar 18
Latest updateMay 2

Description

Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: securityresponse.symantec.comPatch: securityresponse.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-c435-2cgx-2393: Format string vulnerability in Symantec pcAnywhere before 122022-05-02
CVEList
CVE-2009-0538: Format string vulnerability in Symantec pcAnywhere before 122009-03-18
CVE-2009-0538 — Symantec Pcanywhere vulnerability | cvebase