Symantec pcAnywhere contains a flaw that may allow a remote denial of service. The issue is due to an error within the awhost32 service, which may allow a remote attacker to crash the service with malformed packets resulting in a loss of availability.

Upgrade to version 12.5 SP4 or higher, as it has been reported to fix this vulnerability. In addition, the vendor has released a patch if you are currently unable to upgrade.

• Security Tracker: 1026717
• Exploit Database: 18493
• CVE ID: 2012-0292 (see also: NVD)
• Secunia Advisory ID: 48092
• Bugtraq ID: 52094
• Related OSVDB ID: 81968
• Generic Exploit URL: http://pastebin.com/VXkWDM6A
• News Article: http://resources.infosecinstitute.com/pcanywhere-leaked-source-code/
  http://www.informationweek.com/news/security/vulnerabilities/232500523
  http://www.informationweek.com/news/security/vulnerabilities/232601182
• Other Advisory URL: http://www.exploitscience.org/blog/?p=19
• Vendor URL: http://www.symantec.com/
• Vendor Specific Advisory URL: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
• Vendor Specific News/Changelog Entry: http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims

• Not Available