CVE-2012-0290

4 documents4 sources

Severity

10.0CRITICAL

EPSS

2.7%

top 14.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Pcanywhere Symantec Altiris Client Management Suite Pcanywhere Solution Symantec Altiris Deployment Solution Remote Pcanywhere Solution

Timeline

PublishedFeb 6

Latest updateMay 4

Description

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/altiris_client_management_suite_pcanywhere_solution12.5, 12.6+1

▶NVDsymantec/altiris_deployment_solution_remote_pcanywhere_solution12.5, 12.6+1

▶NVDsymantec/pcanywhere12.5.3+12

🔴Vulnerability Details

GHSA

GHSA-w6cw-jfxj-m3cm: Symantec pcAnywhere through 12↗2022-05-04

▶

CVEList

CVE-2012-0290: Symantec pcAnywhere through 12↗2012-02-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion↗2017-05-09

▶