COMMAND

    Platinum PCM

SYSTEMS AFFECTED

    Systems running Platinum PCM 7.0 (Windows NT 4.0)

PROBLEM

    Following  is  based  on  S.A.F.E.R.  Security  Bulletin.   Policy
    Compliance  Manager  is  a  product  that  performs  checks on the
    system, in order to ensure that security policies are enforced. It
    acts very much as a security scanner, but with a limited number of
    security  checks.   PCM  Agent  can  be  installed  on   different
    machines. Then, users can establish connection and initiate checks
    using the PCM Client.

    If certain  amount of  data is  sent to  port where  Smaxagent.exe
    (Agent) is listening [1827], Smaxagent will crash. Restart of  the
    service is needed.  Remote users can also execute arbitrary code.

SOLUTION

    Platinum has  been informed  about this  issue (and  confirmed the
    problem) on September 9th 1998.