Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4438

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4438
Last Modified 07 Mar 2011 09:28:16
Published 20 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4438

Summary

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

Vulnerable Systems

Application

  • Dec2rar.dll 3.2.14.3


References

CERT-VN - VU#305272

VUPEN - ADV-2005-3003

BUGTRAQ - 20051220 Symantec Antivirus Library Remote Heap Overflows

MISC - http://www.rem0te.com/public/images/symc2.pdf

SECUNIA - 18131

BID - 15971

SECTRACK - 1015384

SREASON - 276


Last Updated: 27 May 2016 10:41:18