CVE-2009-0538
Last modified
CVE-2009-0538 is a vulnerability of currently unknown severity. Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Pcanywhere | <= 12.5 |
| Symantec | Pcanywhere | 10.0 |
| Symantec | Pcanywhere | 10.5 |
| Symantec | Pcanywhere | 11.0 |
| Symantec | Pcanywhere | 11.0.1 |
| Symantec | Pcanywhere | 11.5 |
| Symantec | Pcanywhere | 11.5.1 |
| Symantec | Pcanywhere | 12.0 |
| Symantec | Pcanywhere | 12.1 |
References
- http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.htmlPatch, Vendor Advisory
- http://www.layereddefense.com/pcanywhere17mar.htmlVendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.htmlPatch, Vendor Advisory
- http://www.layereddefense.com/pcanywhere17mar.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0538?
How severe is CVE-2009-0538?
How do I fix CVE-2009-0538?
Are you affected by CVE-2009-0538?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST