Symantec pcAnywhere Launch with Windows Caller Properties Local Privilege Escalation
High Nessus Plugin ID 20743
SynopsisThe remote control software on the remote host is affected by a local privilege escalation flaw.
DescriptionThe remote host is running pcAnywhere, a remote control software program for Windows.
According to the Windows registry, the installed version of pcAnywhere allows a local user to gain SYSTEM privileges by manipulating the 'Caller Properties' feature to run arbitrary commands when pcAnywhere is configured to run as a service.
SolutionUpgrade to pcAnywhere version 11.5 or later.