Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2758

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-2758
Last Modified 07 Mar 2011 09:24:59
Published 05 Oct 2005 03:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2758

Summary

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Symantec Antivirus Scan Engine 4.0

  • Symantec Antivirus Scan Engine 4.3

  • Symantec Antivirus Scan Engine For Network Attached Storage 4.3


References

CERT-VN - VU#849209

CONFIRM - http://www.symantec.com/avcenter/security/Content/2005.10.04.html

IDEFENSE - 20051004 Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability

XF - symantec-scanengine-admin-bo(22519)

VUPEN - ADV-2005-1954

BID - 15001

OSVDB - 19854

SECTRACK - 1015001

SECUNIA - 17049

SREASON - 48


Last Updated: 27 May 2016 10:40:38