SECURITY FIRM Symantec has issued an alert about its PCanywhere software, and warned enterprises to use it only for business critical purposes.
"Symantec PCanywhere is susceptible to local file tampering elevation of privilege attempts and remote code execution attempts," is the official line from the firm.
"It is possible to run arbitrary code on a targeted system in the context of the application which is normally System."
A hot fix is available now and users are advised to fix the problem right away in order to avoid someone injecting a script into their computer and seizing control of it.
The remote code execution is enabled through the improper validation or filtering of external data input during login and authentication with Symantec PCanywhere host services on TCP port 5631, Symantec explained.
"Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system," it added.
The company did not say it, but it is possible that the vulnerability could present an opportunity to hackers that support the Anonymous group, which earlier claimed to have source code belonging to it.
"Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product," it said.
"Symantec recommends that customers follow general security best practices, as well as configuring pcAnywhere in a way that minimizes potential risks. Symantec also recommends that customers only use pcAnywhere for business critical purposes."
Anonymousabu, one of the more vocal of those associated with Anonymous, greeted the news with grim humour. "They're upset we reverse engineered their client to bypass authentication and are taking over corp pcanywhere servers," he said. "LOL." µ