Secunia Advisory: SA10238
Release Date: 2003-11-17
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Software: Symantec pcAnywhere 9.x
Description:
A vulnerability has been reported in Symantec pcAnywhere, which can be exploited by malicious users to escalate their privileges.
The problem is that both local and remote users can interact with a chat session window running on the host spawned under the AWHOST32 process when Symantec pcAnywhere runs in "service mode".
This can be exploited through the save feature of the chat to start any program (e.g. open a command prompt) via the context menu on the executable and run that program with the privileges of AWHOST32 (typically SYSTEM).
The vulnerability has been reported in version 9.01 and 9.2. Other versions may also be affected.
Solution:
Grant only trusted users access to vulnerable systems.
Don't run pcAnywhere in "service mode".
http://www.secunia.com/advisories/10238/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic