Loading ...

Representatives from Symantec does not comment on the question of whether vulnerability is associated with the theft of the source code products, which occurred in early January 2012.

Symantec has released a security bulletin describing a critical vulnerability in its product Symantec pcAnywhere, which could allow attackers to escalate privileges or execute arbitrary code on the target system. In the security bulletin from Symantec appears: “Execution of arbitrary code on the target system is the result of improper inspection and filtering external input data authentication and authorization of Symantec pcAnywhere to host services in 5631/TCP. Successful exploitation of this vulnerability to gain unauthorized access or system or to make an authorized user to perform malicious code on the target system. The result of exploitation of this vulnerability will crash the application or execute arbitrary code on the target system through the application. “In the Symantec claim that the vulnerability has not been used, but the company has released an emergency patch. The company did not comment on the relationship of vulnerability with theft of source code antivirus products from Symantec. Recall that in early January of this year, hackers gained access to the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2.With a description of the vulnerability can be found here.