CVE-2012-0290

Name of the Vulnerable Software and Affected Versions Symantec pcAnywhere versions prior to 12.5.4 Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Deployment Solution Remote pcAnywhere Solution version 7.1

Description The issue arises from improper handling of the client state after an abnormal termination of a remote session. This allows remote attackers to gain access to the client by exploiting an "open client session."

Recommendations For Symantec pcAnywhere versions prior to 12.5.4, update to version 12.5.4 or later to resolve the issue. For Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that incorporates the fix for Symantec pcAnywhere. For Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that incorporates the fix for Symantec pcAnywhere. For Altiris Deployment Solution Remote pcAnywhere Solution version 7.1, update to a version that incorporates the fix for Symantec pcAnywhere.