Researcher claims to have found further vulnerabilities in pcAnywhere

By Stuart Sumner
24 Feb 2012 View Comments
Symantec pcAnywhere

Code has been released that potentially enables an attacker to remotely crash Symantec product pcAnywhere.

The code was published by Johnathan Norman, who works as director of research at security firm Alert Logic. He says the code even works on fully patched versions of the software.

Further reading

"I've been working on the remote pcAnywhere vulnerability reported a few weeks ago and stumbled on a few other flaws during my research. This works on patched versions as well," he stated.

The source code for pcAnywhere and Symantec's flagship Norton Antivirus products was leaked by an Indian hacking group last month.

At the time, the firm downplayed the leak, saying that it only involved old code and would not affect customers.

However, subsequently it realised that hackers could gain remote control of users' machines using information from the leaked code, and released a patch to close the vulnerability.

Symantec advised at the time that it could not ensure that the product would be completely secure, and warned users not to install it if they had not already done so.

The leak has acted as a catalyst for the online world of security watchers to explore code.

For example, an anonymous poster to the Infosec Institute recently suggested any firms still using the software should uninstall it completely, claiming that the source code leak has rendered it irretrievably insecure.

"For hackers, the sky is the limit as they now have all of the juicy details of the pcAnywhere product... We now know how their LiveUpdate system works thanks to the included architecture plans and full source code, which is also used to update Symantec's current anti-virus products. Any exploits in the code are now visible by all," the poster claimed.

Symantec was unavailable for comment at the time of writing.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
33 %
11 %
19 %