Vulnerability

    pcANYWHERE

Affected

    pcANYWHERE 8.0 and 9.0, 9.1, 9.2

Description

    Frankie  Zie  found  following.   When  we  use  pcANYWHERE remote
    control client to  connect the host  running pcANYWHERE, at  first
    the statu bar appears  "pcANYWHERE connecting...", then the  login
    window will  appear; but  if we  press "Cancel"  before the  login
    window appears, the pcANYWHERE service will be crashed.  We  can't
    connect the host via pcANYWHERE client any longer.

    You  may  have  to  repeat  the 'connect, cancel, wait, reconnect,
    cancel,  wait,  reconnect'  process  a  few  times to successfully
    crash the service.

    If host running pcANYWHERE 9.0, We can restore the service by  the
    following steps:

        telnet host 5631
        appers:
        }
        Please press <Enter>...

        then press Enter

    We can connect pcANYWHERE now

    If the host running pcANYWHERE  8.0, you must stop the  pcANYWHERE
    service and restart it:

        net stop awhost32
        net start awhost32

Solution

    Evan  9.2  was  bought  out  after  discovery  of this bug, people
    are able to perform  the exact same DoS  on the same box  with the
    new 9.2 upgrade in place.  So, nothing yet.