CVE-2005-2758

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine; Antivirus Scan Engine For Network Attached Storage
Vendor: CVE Published:; 5 October 2005

Summary

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22519

vdb-entryx_refsource_XF

http://www.idefense.com/application/poi/display?id=314&ty...

third-party-advisoryx_refsource_IDEFENSE

http://www.securityfocus.com/bid/15001

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2005
Vulnerability Reserved
Aug 31, 2005