Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0249

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0249
Last Modified 05 Sep 2008 04:45:45
Published 08 Feb 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0249

Summary

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

Vulnerable Systems

Application

  • Symantec Antivirus Scan Engine 3.1.1

  • Symantec Antivirus Scan Engine 3.1.2

  • Symantec Antivirus Scan Engine 3.1.3

  • Symantec Antivirus Scan Engine 3.1.4

  • Symantec Antivirus Scan Engine 3.1.5

  • Symantec Antivirus Scan Engine 3.1.6

  • Symantec Antivirus Scan Engine 4.0

  • Symantec Antivirus Scan Engine 4.3

  • Symantec Antivirus Scan Engine 4.3.3

  • Symantec Brightmail Antispam 4.0

  • Symantec Brightmail Antispam 5.5

  • Symantec Client Security 1.0.1 Build 8.01.434

  • Symantec Client Security 1.0.1 Build 8.01.437

  • Symantec Client Security 1.0.1 Build 8.01.446

  • Symantec Client Security 1.0.1 Build 8.01.457

  • Symantec Client Security 1.0.1 Build 8.01.460

  • Symantec Client Security 1.0.1 Build 8.01.464

  • Symantec Client Security 1.0.1 Build 8.01.471

  • Symantec Client Security 1.1.1 Mr1 Build 8.1.1.314a

  • Symantec Client Security 1.1.1 Mr2 Build 8.1.1.319

  • Symantec Client Security 1.1.1 Mr3 Build 8.1.1.323

  • Symantec Client Security 1.1.1 Mr4 Build 8.1.1.329

  • Symantec Client Security 1.1.1 Mr5 Build 8.1.1.336

  • Symantec Gateway Security 1.0

  • Symantec Gateway Security 2.0

  • Symantec Gateway Security 2.0.1

  • Symantec Mail Security 4.0

  • Symantec Mail Security 4.0.2

  • Symantec Mail Security 4.1

  • Symantec Mail Security 4.5 Build 719

  • Symantec Norton Antivirus 2.18 Build 83

  • Symantec Norton Antivirus 2004

  • Symantec Norton Antivirus 8.01.434

  • Symantec Norton Antivirus 8.01.437

  • Symantec Norton Antivirus 8.01.446

  • Symantec Norton Antivirus 8.01.457

  • Symantec Norton Antivirus 8.01.460

  • Symantec Norton Antivirus 8.01.464

  • Symantec Norton Antivirus 8.01.471

  • Symantec Norton Antivirus 8.1.1 Build8.1.1.314a

  • Symantec Norton Antivirus 8.1.1.319

  • Symantec Norton Antivirus 8.1.1.323

  • Symantec Norton Antivirus 8.1.1.329

  • Symantec Norton Antivirus 9.0

  • Symantec Norton Internet Security 2004

  • Symantec Norton Internet Security 3.0

  • Symantec Norton System Works 2004

  • Symantec Norton System Works 3.0

  • Symantec Sav Filter Domino Nt Ports Build3.0.5

  • Symantec Sav Filter For Domino Nt 3.1.1

  • Symantec Web Security 3.01.59

  • Symantec Web Security 3.01.60

  • Symantec Web Security 3.01.61

  • Symantec Web Security 3.01.62

  • Symantec Web Security 3.01.63

  • Symantec Web Security 3.01.67

  • Symantec Web Security 3.01.68


References

CERT-VN - VU#107822

XF - upx-engine-gain-control(18869)

ISS - 20050208 Symantec AntiVirus Library Heap Overflow

CONFIRM - http://www.symantec.com/avcenter/security/Content/2005.02.08.html

SECTRACK - 1013133


Last Updated: 27 May 2016 10:39:44