Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pcanywhere | Symantec | * | 12.5 (including) |
| Pcanywhere | Symantec | 10.0 (including) | 10.0 (including) |
| Pcanywhere | Symantec | 10.5 (including) | 10.5 (including) |
| Pcanywhere | Symantec | 11.0 (including) | 11.0 (including) |
| Pcanywhere | Symantec | 11.0.1 (including) | 11.0.1 (including) |
| Pcanywhere | Symantec | 11.5 (including) | 11.5 (including) |
| Pcanywhere | Symantec | 11.5.1 (including) | 11.5.1 (including) |
| Pcanywhere | Symantec | 12.0 (including) | 12.0 (including) |
| Pcanywhere | Symantec | 12.1 (including) | 12.1 (including) |