VIR Vulnerability Intelligence Relay

CVE-2012-0290

critical
Published 2012-02-06 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

Application impact
VendorProductVersionsFixed
symantecpcanywhere{"endIncluding":"12.5.3"}
symantecpcanywhere5.0
symantecpcanywhere8.0
symantecpcanywhere9.2
symantecpcanywhere10.5
symantecpcanywhere11.5
symantecpcanywhere11.5.1
symantecpcanywhere12.1
symantecpcanywhere12.5
symantecpcanywhere12.5.265
symantecpcanywhere12.5.539
symantecpcanywhere12.6.65
symantecpcanywhere12.6.7580
symantecaltiris_client_management_suite_pcanywhere_solution12.5
symantecaltiris_client_management_suite_pcanywhere_solution12.6
symantecaltiris_deployment_solution_remote_pcanywhere_solution12.5
symantecaltiris_deployment_solution_remote_pcanywhere_solution12.6

References

Verify integrity in audit chain (admin only). AS-IS.