Vulnerability Details CVE-2005-2758
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.226
EPSS Ranking 95.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/17049
- http://securityreason.com/securityalert/48
- http://securitytracker.com/id?1015001
- http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/849209
- http://www.osvdb.org/19854
- http://www.securityfocus.com/bid/15001
- http://www.symantec.com/avcenter/security/Content/2005.10.04.html
- http://www.vupen.com/english/advisories/2005/1954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
- http://secunia.com/advisories/17049
- http://securityreason.com/securityalert/48
- http://securitytracker.com/id?1015001
- http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/849209
- http://www.osvdb.org/19854
- http://www.securityfocus.com/bid/15001
- http://www.symantec.com/avcenter/security/Content/2005.10.04.html
- http://www.vupen.com/english/advisories/2005/1954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
Products affected by CVE-2005-2758
-
cpe:2.3:a:symantec:antivirus_scan_engine:4.0
-
cpe:2.3:a:symantec:antivirus_scan_engine:4.3
-
cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3