ID CVE-2005-2758
Summary Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
  • cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 15001
cert-vn VU#849209
confirm http://www.symantec.com/avcenter/security/Content/2005.10.04.html
idefense 20051004 Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability
osvdb 19854
sectrack 1015001
secunia 17049
sreason 48
vupen ADV-2005-1954
xf symantec-scanengine-admin-bo(22519)
Last major update 11-07-2017 - 01:32
Published 05-10-2005 - 19:02
Back to Top