[Warning] Symantec Product Privilege Escalation Vulnerability





TAIWAN
2003-11-23, 09:54 PM
Symantec Product Privilege Escalation Vulnerability

PCAnywhere is an industry-leading remote control software that features remote management paired with file transfer capabilities. PCAnywhere has the ability to help quickly resolve helpdesk and server support issues.

When PCAnywhere is started as a service or set to launch with Windows, an attacker may be able to take SYSTEM rights via the help interface. AWHOST32.exe runs as the user SYSTEM while interacting with the local desktop on the machine that PCAnywhere is listening on. Users have the ability to interact with AWHOST32 via an icon in the Windows systray.

Brett Moore of security-assessment.com pointed out a flaw in the Win32 help API which can be found at http://www.securityfocus.com/bid/8884 . A variation of this attack is present in both PCAnywhere 10 and 11. It is unknown how this issue affects older versions of PCAnywhere since they are no longer supported products.

http://www.securityfocus.com/bid/8884

http://www.securityfocus.com

securityfocus is a partner of SKYNET Security Lab (天網安全實驗室)