Search

Find a vulnerability

Search criteria

    38 vulnerabilities found for pcanywhere by symantec

    VAR-200703-0519

    Vulnerability from variot - Updated: 2025-04-10 23:07

    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. This vulnerability CVE-2006-4855 It is a reproduction.Local user disrupts service operation via invalid data ( System crash ) It may be in a state. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. Symantec is currently investigating this issue; this BID will be updated as more information becomes available. NOTE: This BID is being retired because it is already covered in BID 20051. Please see the vulnerable systems section for details regarding affected Symantec products. This vulnerability is a re-reference of CVE-2006-4855

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0519",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2006_9.1.1.7"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "2006 9.1.1.7"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20069.1.1.7"
          },
          {
            "model": "pcanywhere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.5"
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20060"
          },
          {
            "model": "norton systemworks premier",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20050"
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20050"
          },
          {
            "model": "norton systemworks professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton systemworks professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20070"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20070"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton antivirus professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton antivirus professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20030"
          },
          {
            "model": "host ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "3.0"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.51100"
          },
          {
            "model": "client security mr3 b9.0.3.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.3"
          },
          {
            "model": "client security mr2 b9.0.2.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.2"
          },
          {
            "model": "client security mr1 b9.0.1.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.1"
          },
          {
            "model": "client security stm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.09.0.0.338"
          },
          {
            "model": "client security (scf",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.07.1)"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0"
          },
          {
            "model": "client security mr5 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.336"
          },
          {
            "model": "client security mr4 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.329"
          },
          {
            "model": "client security mr3 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.323"
          },
          {
            "model": "client security mr2 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.319"
          },
          {
            "model": "client security mr1 build 8.1.1.314a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1393"
          },
          {
            "model": "client security mr6 b8.1.1.266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security stm b8.1.0.825a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1"
          },
          {
            "model": "client security mr8 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.471"
          },
          {
            "model": "client security mr7 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.464"
          },
          {
            "model": "client security mr6 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.460"
          },
          {
            "model": "client security mr5 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.457"
          },
          {
            "model": "client security mr4 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.446"
          },
          {
            "model": "client security mr3 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.434"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.437"
          },
          {
            "model": "client security mr9 b8.01.501",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security mr2 b8.01.429c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security mr1 b8.01.425a/b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security b8.01.9378",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.0"
          },
          {
            "model": "client security b8.01.9374",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "3.1"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2021"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2020"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2011"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2010"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2002"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2001"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.5.1100"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.5"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.4"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.3.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.1.1.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.0.338"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.329"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.323"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.319"
          },
          {
            "model": "antivirus corporate edition build 8.1.1.314a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1393"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1.377"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1.366"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.471"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.464"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.460"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.457"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.446"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.437"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.434"
          },
          {
            "model": "antivirus corporate edition .0.825a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.9378"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.9374"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.501"
          },
          {
            "model": "antivirus corporate edition 1.429c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition 1.425a/b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:norton_personal_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery is credited to David Matousek.",
        "sources": [
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          }
        ],
        "trust": 1.2
      },
      "cve": "CVE-2007-1495",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2007-1495",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-24857",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2007-1495",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2007-1495",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200703-422",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-24857",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. This vulnerability CVE-2006-4855 It is a reproduction.Local user disrupts service operation via invalid data ( System crash ) It may be in a state. This issue occurs when attackers send malformed data to the \u0027SymEvent\u0027 driver. \nA local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. Symantec is currently investigating this issue; this BID will be updated as more information becomes available. \nNOTE: This BID is being retired because it is already covered in BID 20051. \nPlease see the vulnerable systems section for details regarding affected Symantec products. This vulnerability is a re-reference of CVE-2006-4855",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2007-1495",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "22961",
            "trust": 2.0
          },
          {
            "db": "SREASON",
            "id": "2445",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20070314 SYMEVENT DRIVER LOCAL ACCESS SYSTEM DENIAL OF SERVICE",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "20051",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-24857",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "id": "VAR-200703-0519",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T23:07:34.766000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Norton Personal Firewall",
            "trust": 0.8,
            "url": "http://us.norton.com/now/en/pu/images/Promotions/2012/5804/ch2.html?undefined\u0026s_tnt=48837:19:0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/22961"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/2445"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/462792/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1495"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1495"
          },
          {
            "trust": 0.6,
            "url": "http://www.symantec.com/sabu/nis/npf/"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/446111"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/462792/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/462792"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com/avcenter/security/content/2006.09.20a.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-03-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "date": "2007-03-14T00:00:00",
            "db": "BID",
            "id": "22961"
          },
          {
            "date": "2006-09-15T00:00:00",
            "db": "BID",
            "id": "20051"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "date": "2007-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "date": "2007-03-16T22:19:00",
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-24857"
          },
          {
            "date": "2007-07-03T22:17:00",
            "db": "BID",
            "id": "22961"
          },
          {
            "date": "2015-05-12T19:49:00",
            "db": "BID",
            "id": "20051"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          },
          {
            "date": "2007-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2007-1495"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200703-422"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Norton Personal Firewall Such as  \\Device\\SymEvent Service disruption in drivers  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-005254"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "22961"
          },
          {
            "db": "BID",
            "id": "20051"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-0473

    Vulnerability from variot - Updated: 2025-04-03 22:13

    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. Please see the vulnerable systems section for details regarding affected Symantec products. Norton does not adequately protect the \Device\SymEvent driver, nor does it validate its input buffer, allowing Everyone to write data to this driver, which may cause the driver to perform invalid memory operations and crash the entire operating system.


    Want to work within IT-Security?

    Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

    The vulnerability is caused due to an error in the handling of data sent to the "\Device\SymEvent" device which is writable by "Everyone". Other versions may also be affected.

    SOLUTION: Grant only trusted users access to affected systems.

    PROVIDED AND/OR DISCOVERED BY: David Matousek

    ORIGINAL ADVISORY: http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0473",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pcanywhere",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "symantec",
            "version": "11.5"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2005_premier"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2004_professional_edition"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton system works",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2003_professional_edition"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "3.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "2.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "1.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "1.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "symantec",
            "version": "3.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2010"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.0.338"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1_build8.1.1.314a"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr6_b8.1.1.266"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0_scf_7.1"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.446"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2001"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1.501"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2002"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.0_b8.01.9378"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.5.1100"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1.377"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.5"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.437"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.501"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.460"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr3_build_8.1.1.323"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.457"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2021"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0.5_build_1100"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.425a"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2011"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1_build393"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1_stm_b8.1.0.825a"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.434"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.2.1000"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.429c"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2007"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.446"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1.319"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0.1_build_9.0.1.1000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.0.825a"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.1.1.1000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.471"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_build_393"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0.3_build_9.0.3.1000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2020"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr1_build_8.1.1.314a"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.3.1000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.1"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.434"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.471"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1.9378"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2007"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.464"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.4"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.460"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1.366"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.01.464"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr5_build_8.1.1.336"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr2_build_8.1.1.319"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1.425c"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0.2_build_9.0.2.1000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1.329"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.1.1_mr4_build_8.1.1.329"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.457"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1.9374"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2.0_stm_build_9.0.0.338"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0.1.425a"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0.1_build_8.01.437"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.1.323"
          },
          {
            "model": "host ids",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "*"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "1.0_build_8.01.9374"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.2.2000"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "1.x"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "2.x"
          },
          {
            "model": "client security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "3.0 and  3.1"
          },
          {
            "model": "host ids",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "corporate edition savce 8.x"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "9.x"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "10.0 and  10.1"
          },
          {
            "model": "norton internet security",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "norton personal firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "2006 9.1.0.33"
          },
          {
            "model": "norton systemworks",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20060"
          },
          {
            "model": "norton systemworks premier",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20050"
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20050"
          },
          {
            "model": "norton systemworks professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton systemworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton systemworks professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton internet security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20070"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2006"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2005"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton internet security professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20070"
          },
          {
            "model": "norton antivirus professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2004"
          },
          {
            "model": "norton antivirus professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2003"
          },
          {
            "model": "norton antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20030"
          },
          {
            "model": "host ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "0"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.51100"
          },
          {
            "model": "client security mr3 b9.0.3.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.3"
          },
          {
            "model": "client security mr2 b9.0.2.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.2"
          },
          {
            "model": "client security mr1 b9.0.1.1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.0.1"
          },
          {
            "model": "client security stm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.09.0.0.338"
          },
          {
            "model": "client security (scf",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "2.07.1)"
          },
          {
            "model": "client security mr5 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.336"
          },
          {
            "model": "client security mr4 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.329"
          },
          {
            "model": "client security mr3 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.323"
          },
          {
            "model": "client security mr2 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.18.1.1.319"
          },
          {
            "model": "client security mr1 build 8.1.1.314a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1393"
          },
          {
            "model": "client security mr6 b8.1.1.266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1.1"
          },
          {
            "model": "client security stm b8.1.0.825a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.1"
          },
          {
            "model": "client security mr8 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.471"
          },
          {
            "model": "client security mr7 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.464"
          },
          {
            "model": "client security mr6 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.460"
          },
          {
            "model": "client security mr5 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.457"
          },
          {
            "model": "client security mr4 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.446"
          },
          {
            "model": "client security mr3 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.434"
          },
          {
            "model": "client security build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.18.01.437"
          },
          {
            "model": "client security mr9 b8.01.501",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security mr2 b8.01.429c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security mr1 b8.01.425a/b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.1"
          },
          {
            "model": "client security b8.01.9378",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0.0"
          },
          {
            "model": "client security b8.01.9374",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "1.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2021"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2020"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2011"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2010"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2002"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2001"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.2.2000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.5.1100"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.5"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.4"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.3.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.1.1.1000"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.0.338"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.329"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.323"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.18.1.1.319"
          },
          {
            "model": "antivirus corporate edition build 8.1.1.314a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1393"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1.377"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1.366"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.471"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.464"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.460"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.457"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.446"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.437"
          },
          {
            "model": "antivirus corporate edition build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.18.01.434"
          },
          {
            "model": "antivirus corporate edition .0.825a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.9378"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.9374"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01.501"
          },
          {
            "model": "antivirus corporate edition 1.429c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition 1.425a/b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.01"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "antivirus corporate edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:client_security",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:host_ids",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:norton_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:norton_internet_security",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:norton_personal_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:norton_system_works",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:pcanywhere",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Matousek david@matousec.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-4855",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2006-4855",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-20963",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4855",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-4855",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-347",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-20963",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the \u0027SymEvent\u0027 driver. \nA local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. \nPlease see the vulnerable systems section for details regarding affected Symantec products. Norton does not adequately protect the \\Device\\SymEvent driver, nor does it validate its input buffer, allowing Everyone to write data to this driver, which may cause the driver to perform invalid memory operations and crash the entire operating system. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nThe vulnerability is caused due to an error in the handling of data\nsent to the \"\\Device\\SymEvent\" device which is writable by\n\"Everyone\". \nOther versions may also be affected. \n\nSOLUTION:\nGrant only trusted users access to affected systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nDavid Matousek\n\nORIGINAL ADVISORY:\nhttp://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "PACKETSTORM",
            "id": "50081"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-20963",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-4855",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "20051",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "21938",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016897",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016895",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016898",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016892",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016889",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016894",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016893",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016896",
            "trust": 1.7
          },
          {
            "db": "SREASON",
            "id": "1591",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3636",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "28960",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060915 SYMANTEC NORTON INSUFFICIENT VALIDATION OF \u0027SYMEVENT\u0027 DRIVER INPUT BUFFER",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-82146",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "28588",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-20963",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50081",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "PACKETSTORM",
            "id": "50081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "id": "VAR-200609-0473",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-03T22:13:21.734000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYM06-018",
            "trust": 0.8,
            "url": "http://www.symantec.com/avcenter/security/Content/2006.09.20a.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.matousec.com/info/advisories/norton-insufficient-validation-of-symevent-driver-input-buffer.php"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/20051"
          },
          {
            "trust": 1.7,
            "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.09.20a.html"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016889"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016892"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016893"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016894"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016895"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016896"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016897"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016898"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/21938"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/1591"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/3636"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4855"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4855"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/28960"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/446111/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/3636"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com/sabu/nis/npf/"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com/avcenter/security/content/2006.09.20a.html"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/446111"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/6638/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/quality_assurance_analyst/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/21938/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/6637/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/web_application_security_specialist/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "PACKETSTORM",
            "id": "50081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "db": "PACKETSTORM",
            "id": "50081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "date": "2006-09-15T00:00:00",
            "db": "BID",
            "id": "20051"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "date": "2006-09-16T01:17:17",
            "db": "PACKETSTORM",
            "id": "50081"
          },
          {
            "date": "2006-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "date": "2006-09-19T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-20963"
          },
          {
            "date": "2015-05-12T19:49:00",
            "db": "BID",
            "id": "20051"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2006-4855"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "20051"
          },
          {
            "db": "PACKETSTORM",
            "id": "50081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Norton Personal Firewall Such as  \\Device\\SymEvent Service disruption in drivers  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-003187"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-347"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2012-0292 (GCVE-0-2012-0292)

    Vulnerability from nvd – Published: 2012-03-08 02:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/52094 vdb-entryx_refsource_BID
    http://www.exploit-db.com/exploits/18493/ exploitx_refsource_EXPLOIT-DB
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:29.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52094"
              },
              {
                "name": "18493",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18493/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "52094",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52094"
            },
            {
              "name": "18493",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18493/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0292",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "52094",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52094"
                },
                {
                  "name": "18493",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18493/"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0292",
        "datePublished": "2012-03-08T02:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:29.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0291 (GCVE-0-2012-0291)

    Vulnerability from nvd – Published: 2012-02-22 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51965 vdb-entryx_refsource_BID
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "51965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51965"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "51965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51965"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0291",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "51965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51965"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0291",
        "datePublished": "2012-02-22T11:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0290 (GCVE-0-2012-0290)

    Vulnerability from nvd – Published: 2012-02-06 20:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/51862 vdb-entryx_refsource_BID
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:29.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51862",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51862"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "pcanywhere-unauth-access(72996)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "51862",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51862"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "pcanywhere-unauth-access(72996)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0290",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51862",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51862"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "pcanywhere-unauth-access(72996)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0290",
        "datePublished": "2012-02-06T20:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:29.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3479 (GCVE-0-2011-3479)

    Vulnerability from nvd – Published: 2012-01-25 15:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/51593 vdb-entryx_refsource_BID
    Date Public
    2012-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              },
              {
                "name": "51593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            },
            {
              "name": "51593",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                },
                {
                  "name": "51593",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3479",
        "datePublished": "2012-01-25T15:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3478 (GCVE-0-2011-3478)

    Vulnerability from nvd – Published: 2012-01-25 15:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/show/osvdb/78532 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/38599/ exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/51592 vdb-entryx_refsource_BID
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://www.zerodayinitiative.com/advisories/ZDI-12-018/ x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "78532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/78532"
              },
              {
                "name": "38599",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/38599/"
              },
              {
                "name": "51592",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "78532",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/78532"
            },
            {
              "name": "38599",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/38599/"
            },
            {
              "name": "51592",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "78532",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/78532"
                },
                {
                  "name": "38599",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/38599/"
                },
                {
                  "name": "51592",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51592"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/",
                  "refsource": "CONFIRM",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3478",
        "datePublished": "2012-01-25T15:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0538 (GCVE-0-2009-0538)

    Vulnerability from nvd – Published: 2009-03-18 15:00 – Updated: 2024-08-07 04:40
    VLAI
    Summary
    Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/33845 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34305 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021855 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/52797 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0755 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/501930/100… mailing-listx_refsource_BUGTRAQ
    http://www.layereddefense.com/pcanywhere17mar.html x_refsource_MISC
    Date Public
    2009-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:40:05.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
              },
              {
                "name": "33845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33845"
              },
              {
                "name": "34305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34305"
              },
              {
                "name": "1021855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021855"
              },
              {
                "name": "symantec-pcanywhere-unspecified-dos(49291)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
              },
              {
                "name": "52797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52797"
              },
              {
                "name": "ADV-2009-0755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0755"
              },
              {
                "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.layereddefense.com/pcanywhere17mar.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
            },
            {
              "name": "33845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33845"
            },
            {
              "name": "34305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34305"
            },
            {
              "name": "1021855",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021855"
            },
            {
              "name": "symantec-pcanywhere-unspecified-dos(49291)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
            },
            {
              "name": "52797",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52797"
            },
            {
              "name": "ADV-2009-0755",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0755"
            },
            {
              "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.layereddefense.com/pcanywhere17mar.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0538",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
                },
                {
                  "name": "33845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33845"
                },
                {
                  "name": "34305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34305"
                },
                {
                  "name": "1021855",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021855"
                },
                {
                  "name": "symantec-pcanywhere-unspecified-dos(49291)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
                },
                {
                  "name": "52797",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52797"
                },
                {
                  "name": "ADV-2009-0755",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0755"
                },
                {
                  "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
                },
                {
                  "name": "http://www.layereddefense.com/pcanywhere17mar.html",
                  "refsource": "MISC",
                  "url": "http://www.layereddefense.com/pcanywhere17mar.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0538",
        "datePublished": "2009-03-18T15:00:00.000Z",
        "dateReserved": "2009-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:40:05.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2619 (GCVE-0-2007-2619)

    Vulnerability from nvd – Published: 2007-05-11 16:00 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1753 vdb-entryx_refsource_VUPEN
    http://osvdb.org/41982 vdb-entryx_refsource_OSVDB
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1018032 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/23875 vdb-entryx_refsource_BID
    Date Public
    2007-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pcanywhere-memory-information-disclosure(34203)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
              },
              {
                "name": "ADV-2007-1753",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1753"
              },
              {
                "name": "41982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
              },
              {
                "name": "1018032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018032"
              },
              {
                "name": "23875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pcanywhere-memory-information-disclosure(34203)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
            },
            {
              "name": "ADV-2007-1753",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1753"
            },
            {
              "name": "41982",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
            },
            {
              "name": "1018032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018032"
            },
            {
              "name": "23875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23875"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2619",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pcanywhere-memory-information-disclosure(34203)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
                },
                {
                  "name": "ADV-2007-1753",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1753"
                },
                {
                  "name": "41982",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41982"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
                },
                {
                  "name": "1018032",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018032"
                },
                {
                  "name": "23875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23875"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2619",
        "datePublished": "2007-05-11T16:00:00.000Z",
        "dateReserved": "2007-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4855 (GCVE-0-2006-4855)

    Vulnerability from nvd – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/21938 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016893 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016895 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016889 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/446111/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016897 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1591 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1016896 vdb-entryx_refsource_SECTRACK
    http://www.matousec.com/info/advisories/Norton-In… x_refsource_MISC
    http://www.securityfocus.com/bid/20051 vdb-entryx_refsource_BID
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/3636 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1016894 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016898 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016892"
              },
              {
                "name": "21938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21938"
              },
              {
                "name": "1016893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016893"
              },
              {
                "name": "1016895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016895"
              },
              {
                "name": "1016889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016889"
              },
              {
                "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
              },
              {
                "name": "1016897",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016897"
              },
              {
                "name": "1591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1591"
              },
              {
                "name": "1016896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
              },
              {
                "name": "20051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
              },
              {
                "name": "ADV-2006-3636",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3636"
              },
              {
                "name": "symantec-firewall-symevent-dos(28960)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
              },
              {
                "name": "1016894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016894"
              },
              {
                "name": "1016898",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016892"
            },
            {
              "name": "21938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21938"
            },
            {
              "name": "1016893",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016893"
            },
            {
              "name": "1016895",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016895"
            },
            {
              "name": "1016889",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016889"
            },
            {
              "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
            },
            {
              "name": "1016897",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016897"
            },
            {
              "name": "1591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1591"
            },
            {
              "name": "1016896",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
            },
            {
              "name": "20051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
            },
            {
              "name": "ADV-2006-3636",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3636"
            },
            {
              "name": "symantec-firewall-symevent-dos(28960)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
            },
            {
              "name": "1016894",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016894"
            },
            {
              "name": "1016898",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016892"
                },
                {
                  "name": "21938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21938"
                },
                {
                  "name": "1016893",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016893"
                },
                {
                  "name": "1016895",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016895"
                },
                {
                  "name": "1016889",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016889"
                },
                {
                  "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
                },
                {
                  "name": "1016897",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016897"
                },
                {
                  "name": "1591",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1591"
                },
                {
                  "name": "1016896",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016896"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
                },
                {
                  "name": "20051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20051"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
                },
                {
                  "name": "ADV-2006-3636",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3636"
                },
                {
                  "name": "symantec-firewall-symevent-dos(28960)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
                },
                {
                  "name": "1016894",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016894"
                },
                {
                  "name": "1016898",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4855",
        "datePublished": "2006-09-19T18:00:00.000Z",
        "dateReserved": "2006-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3786 (GCVE-0-2006-3786)

    Vulnerability from nvd – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016534 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016534"
              },
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016534",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016534"
            },
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016534",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016534"
                },
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3786",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3785 (GCVE-0-2006-3785)

    Vulnerability from nvd – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3785",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3784 (GCVE-0-2006-3784)

    Vulnerability from nvd – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21113 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2874 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21113"
              },
              {
                "name": "ADV-2006-2874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2874"
              },
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 uses weak default permissions for the \"Symantec\\pcAnywhere\\Hosts\" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21113"
            },
            {
              "name": "ADV-2006-2874",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2874"
            },
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3784",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 uses weak default permissions for the \"Symantec\\pcAnywhere\\Hosts\" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21113"
                },
                {
                  "name": "ADV-2006-2874",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2874"
                },
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3784",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3934 (GCVE-0-2005-3934)

    Vulnerability from nvd – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
    VLAI
    Summary
    Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/17797 third-party-advisoryx_refsource_SECUNIA
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/15646 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1015284 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2005/2658 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:31:48.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17797",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17797"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
              },
              {
                "name": "15646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15646"
              },
              {
                "name": "1015284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015284"
              },
              {
                "name": "ADV-2005-2658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2658"
              },
              {
                "name": "symantec-pcanywhere-bo(23298)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17797",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17797"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
            },
            {
              "name": "15646",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15646"
            },
            {
              "name": "1015284",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015284"
            },
            {
              "name": "ADV-2005-2658",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2658"
            },
            {
              "name": "symantec-pcanywhere-bo(23298)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17797",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17797"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
                },
                {
                  "name": "15646",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15646"
                },
                {
                  "name": "1015284",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015284"
                },
                {
                  "name": "ADV-2005-2658",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2658"
                },
                {
                  "name": "symantec-pcanywhere-bo(23298)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3934",
        "datePublished": "2005-12-01T11:00:00.000Z",
        "dateReserved": "2005-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:31:48.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1970 (GCVE-0-2005-1970)

    Vulnerability from nvd – Published: 2005-06-14 04:00 – Updated: 2024-08-07 22:06
    VLAI
    Summary
    Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15673 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/13933 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1014178 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    Date Public
    2005-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15673",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15673"
              },
              {
                "name": "13933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13933"
              },
              {
                "name": "1014178",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014178"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 10.5x and 11.x before 11.5, with \"Launch with Windows\" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-01-12T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15673",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15673"
            },
            {
              "name": "13933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13933"
            },
            {
              "name": "1014178",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014178"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1970",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 10.5x and 11.x before 11.5, with \"Launch with Windows\" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15673",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15673"
                },
                {
                  "name": "13933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13933"
                },
                {
                  "name": "1014178",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014178"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1970",
        "datePublished": "2005-06-14T04:00:00.000Z",
        "dateReserved": "2005-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0936 (GCVE-0-2003-0936)

    Vulnerability from nvd – Published: 2003-11-18 05:00 – Updated: 2024-08-08 02:12
    VLAI
    Summary
    Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:34.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
              },
              {
                "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
              },
              {
                "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
            },
            {
              "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
            },
            {
              "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0936",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
                },
                {
                  "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
                },
                {
                  "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0936",
        "datePublished": "2003-11-18T05:00:00.000Z",
        "dateReserved": "2003-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:12:34.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0292 (GCVE-0-2012-0292)

    Vulnerability from cvelistv5 – Published: 2012-03-08 02:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/52094 vdb-entryx_refsource_BID
    http://www.exploit-db.com/exploits/18493/ exploitx_refsource_EXPLOIT-DB
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:29.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52094"
              },
              {
                "name": "18493",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18493/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "52094",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52094"
            },
            {
              "name": "18493",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18493/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0292",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "52094",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52094"
                },
                {
                  "name": "18493",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18493/"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120301_00"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0292",
        "datePublished": "2012-03-08T02:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:29.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0291 (GCVE-0-2012-0291)

    Vulnerability from cvelistv5 – Published: 2012-02-22 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51965 vdb-entryx_refsource_BID
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "51965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51965"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "51965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51965"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0291",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "51965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51965"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0291",
        "datePublished": "2012-02-22T11:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0290 (GCVE-0-2012-0290)

    Vulnerability from cvelistv5 – Published: 2012-02-06 20:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/51862 vdb-entryx_refsource_BID
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:29.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51862",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51862"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "pcanywhere-unauth-access(72996)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "51862",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51862"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "pcanywhere-unauth-access(72996)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0290",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51862",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51862"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "pcanywhere-unauth-access(72996)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0290",
        "datePublished": "2012-02-06T20:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:29.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3478 (GCVE-0-2011-3478)

    Vulnerability from cvelistv5 – Published: 2012-01-25 15:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/show/osvdb/78532 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/38599/ exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/51592 vdb-entryx_refsource_BID
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://www.zerodayinitiative.com/advisories/ZDI-12-018/ x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "78532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/78532"
              },
              {
                "name": "38599",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/38599/"
              },
              {
                "name": "51592",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "78532",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/78532"
            },
            {
              "name": "38599",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/38599/"
            },
            {
              "name": "51592",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "78532",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/78532"
                },
                {
                  "name": "38599",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/38599/"
                },
                {
                  "name": "51592",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51592"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/",
                  "refsource": "CONFIRM",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3478",
        "datePublished": "2012-01-25T15:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3479 (GCVE-0-2011-3479)

    Vulnerability from cvelistv5 – Published: 2012-01-25 15:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/48092 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/51593 vdb-entryx_refsource_BID
    Date Public
    2012-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
              },
              {
                "name": "48092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48092"
              },
              {
                "name": "51593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
            },
            {
              "name": "48092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48092"
            },
            {
              "name": "51593",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120124_00"
                },
                {
                  "name": "48092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48092"
                },
                {
                  "name": "51593",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/51593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3479",
        "datePublished": "2012-01-25T15:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0538 (GCVE-0-2009-0538)

    Vulnerability from cvelistv5 – Published: 2009-03-18 15:00 – Updated: 2024-08-07 04:40
    VLAI
    Summary
    Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/33845 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34305 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021855 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/52797 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0755 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/501930/100… mailing-listx_refsource_BUGTRAQ
    http://www.layereddefense.com/pcanywhere17mar.html x_refsource_MISC
    Date Public
    2009-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:40:05.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
              },
              {
                "name": "33845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33845"
              },
              {
                "name": "34305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34305"
              },
              {
                "name": "1021855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021855"
              },
              {
                "name": "symantec-pcanywhere-unspecified-dos(49291)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
              },
              {
                "name": "52797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52797"
              },
              {
                "name": "ADV-2009-0755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0755"
              },
              {
                "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.layereddefense.com/pcanywhere17mar.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
            },
            {
              "name": "33845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33845"
            },
            {
              "name": "34305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34305"
            },
            {
              "name": "1021855",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021855"
            },
            {
              "name": "symantec-pcanywhere-unspecified-dos(49291)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
            },
            {
              "name": "52797",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52797"
            },
            {
              "name": "ADV-2009-0755",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0755"
            },
            {
              "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.layereddefense.com/pcanywhere17mar.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0538",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html"
                },
                {
                  "name": "33845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33845"
                },
                {
                  "name": "34305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34305"
                },
                {
                  "name": "1021855",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021855"
                },
                {
                  "name": "symantec-pcanywhere-unspecified-dos(49291)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49291"
                },
                {
                  "name": "52797",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52797"
                },
                {
                  "name": "ADV-2009-0755",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0755"
                },
                {
                  "name": "20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501930/100/0/threaded"
                },
                {
                  "name": "http://www.layereddefense.com/pcanywhere17mar.html",
                  "refsource": "MISC",
                  "url": "http://www.layereddefense.com/pcanywhere17mar.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0538",
        "datePublished": "2009-03-18T15:00:00.000Z",
        "dateReserved": "2009-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:40:05.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2619 (GCVE-0-2007-2619)

    Vulnerability from cvelistv5 – Published: 2007-05-11 16:00 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1753 vdb-entryx_refsource_VUPEN
    http://osvdb.org/41982 vdb-entryx_refsource_OSVDB
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1018032 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/23875 vdb-entryx_refsource_BID
    Date Public
    2007-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pcanywhere-memory-information-disclosure(34203)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
              },
              {
                "name": "ADV-2007-1753",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1753"
              },
              {
                "name": "41982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
              },
              {
                "name": "1018032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018032"
              },
              {
                "name": "23875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pcanywhere-memory-information-disclosure(34203)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
            },
            {
              "name": "ADV-2007-1753",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1753"
            },
            {
              "name": "41982",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
            },
            {
              "name": "1018032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018032"
            },
            {
              "name": "23875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23875"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2619",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pcanywhere-memory-information-disclosure(34203)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203"
                },
                {
                  "name": "ADV-2007-1753",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1753"
                },
                {
                  "name": "41982",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41982"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html"
                },
                {
                  "name": "1018032",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018032"
                },
                {
                  "name": "23875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23875"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2619",
        "datePublished": "2007-05-11T16:00:00.000Z",
        "dateReserved": "2007-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4855 (GCVE-0-2006-4855)

    Vulnerability from cvelistv5 – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/21938 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016893 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016895 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016889 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/446111/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016897 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1591 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1016896 vdb-entryx_refsource_SECTRACK
    http://www.matousec.com/info/advisories/Norton-In… x_refsource_MISC
    http://www.securityfocus.com/bid/20051 vdb-entryx_refsource_BID
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/3636 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1016894 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016898 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016892"
              },
              {
                "name": "21938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21938"
              },
              {
                "name": "1016893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016893"
              },
              {
                "name": "1016895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016895"
              },
              {
                "name": "1016889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016889"
              },
              {
                "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
              },
              {
                "name": "1016897",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016897"
              },
              {
                "name": "1591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1591"
              },
              {
                "name": "1016896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
              },
              {
                "name": "20051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
              },
              {
                "name": "ADV-2006-3636",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3636"
              },
              {
                "name": "symantec-firewall-symevent-dos(28960)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
              },
              {
                "name": "1016894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016894"
              },
              {
                "name": "1016898",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016892"
            },
            {
              "name": "21938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21938"
            },
            {
              "name": "1016893",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016893"
            },
            {
              "name": "1016895",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016895"
            },
            {
              "name": "1016889",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016889"
            },
            {
              "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
            },
            {
              "name": "1016897",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016897"
            },
            {
              "name": "1591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1591"
            },
            {
              "name": "1016896",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
            },
            {
              "name": "20051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
            },
            {
              "name": "ADV-2006-3636",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3636"
            },
            {
              "name": "symantec-firewall-symevent-dos(28960)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
            },
            {
              "name": "1016894",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016894"
            },
            {
              "name": "1016898",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016892"
                },
                {
                  "name": "21938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21938"
                },
                {
                  "name": "1016893",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016893"
                },
                {
                  "name": "1016895",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016895"
                },
                {
                  "name": "1016889",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016889"
                },
                {
                  "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
                },
                {
                  "name": "1016897",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016897"
                },
                {
                  "name": "1591",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1591"
                },
                {
                  "name": "1016896",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016896"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
                },
                {
                  "name": "20051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20051"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
                },
                {
                  "name": "ADV-2006-3636",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3636"
                },
                {
                  "name": "symantec-firewall-symevent-dos(28960)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
                },
                {
                  "name": "1016894",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016894"
                },
                {
                  "name": "1016898",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4855",
        "datePublished": "2006-09-19T18:00:00.000Z",
        "dateReserved": "2006-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3786 (GCVE-0-2006-3786)

    Vulnerability from cvelistv5 – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016534 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016534"
              },
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016534",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016534"
            },
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016534",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016534"
                },
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3786",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3785 (GCVE-0-2006-3785)

    Vulnerability from cvelistv5 – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3785",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3784 (GCVE-0-2006-3784)

    Vulnerability from cvelistv5 – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21113 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2874 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/440448/100… mailing-listx_refsource_BUGTRAQ
    http://www.digitalbullets.org/?p=3 x_refsource_MISC
    http://securityreason.com/securityalert/1261 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21113"
              },
              {
                "name": "ADV-2006-2874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2874"
              },
              {
                "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalbullets.org/?p=3"
              },
              {
                "name": "1261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 12.5 uses weak default permissions for the \"Symantec\\pcAnywhere\\Hosts\" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21113"
            },
            {
              "name": "ADV-2006-2874",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2874"
            },
            {
              "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalbullets.org/?p=3"
            },
            {
              "name": "1261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3784",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 12.5 uses weak default permissions for the \"Symantec\\pcAnywhere\\Hosts\" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21113"
                },
                {
                  "name": "ADV-2006-2874",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2874"
                },
                {
                  "name": "20060718 PcAnywhere \u003e 12 Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
                },
                {
                  "name": "http://www.digitalbullets.org/?p=3",
                  "refsource": "MISC",
                  "url": "http://www.digitalbullets.org/?p=3"
                },
                {
                  "name": "1261",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3784",
        "datePublished": "2006-07-21T21:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3934 (GCVE-0-2005-3934)

    Vulnerability from cvelistv5 – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
    VLAI
    Summary
    Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/17797 third-party-advisoryx_refsource_SECUNIA
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/15646 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1015284 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2005/2658 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:31:48.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17797",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17797"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
              },
              {
                "name": "15646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15646"
              },
              {
                "name": "1015284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015284"
              },
              {
                "name": "ADV-2005-2658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2658"
              },
              {
                "name": "symantec-pcanywhere-bo(23298)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17797",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17797"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
            },
            {
              "name": "15646",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15646"
            },
            {
              "name": "1015284",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015284"
            },
            {
              "name": "ADV-2005-2658",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2658"
            },
            {
              "name": "symantec-pcanywhere-bo(23298)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17797",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17797"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html"
                },
                {
                  "name": "15646",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15646"
                },
                {
                  "name": "1015284",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015284"
                },
                {
                  "name": "ADV-2005-2658",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2658"
                },
                {
                  "name": "symantec-pcanywhere-bo(23298)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3934",
        "datePublished": "2005-12-01T11:00:00.000Z",
        "dateReserved": "2005-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:31:48.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1970 (GCVE-0-2005-1970)

    Vulnerability from cvelistv5 – Published: 2005-06-14 04:00 – Updated: 2024-08-07 22:06
    VLAI
    Summary
    Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15673 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/13933 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1014178 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    Date Public
    2005-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15673",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15673"
              },
              {
                "name": "13933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13933"
              },
              {
                "name": "1014178",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014178"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec pcAnywhere 10.5x and 11.x before 11.5, with \"Launch with Windows\" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-01-12T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15673",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15673"
            },
            {
              "name": "13933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13933"
            },
            {
              "name": "1014178",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014178"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1970",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec pcAnywhere 10.5x and 11.x before 11.5, with \"Launch with Windows\" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15673",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15673"
                },
                {
                  "name": "13933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13933"
                },
                {
                  "name": "1014178",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014178"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.06.10.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1970",
        "datePublished": "2005-06-14T04:00:00.000Z",
        "dateReserved": "2005-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0936 (GCVE-0-2003-0936)

    Vulnerability from cvelistv5 – Published: 2003-11-18 05:00 – Updated: 2024-08-08 02:12
    VLAI
    Summary
    Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:34.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
              },
              {
                "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
              },
              {
                "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
            },
            {
              "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
            },
            {
              "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0936",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
                },
                {
                  "name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106876107330752\u0026w=2"
                },
                {
                  "name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106875764826251\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0936",
        "datePublished": "2003-11-18T05:00:00.000Z",
        "dateReserved": "2003-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:12:34.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }