Buffer Overflow in Symantec AntiVirus Scan Engine Administrative Interface
CVE-2005-2758

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine; Antivirus Scan Engine For Network Attached Storage
Vendor: CVE Published:; 5 October 2005

What is CVE-2005-2758?

An integer signedness error exists in the administrative interface of the Symantec AntiVirus Scan Engine versions 4.0 and 4.3, which can be exploited by attackers. This vulnerability allows for crafted HTTP headers with negative values, leading to a heap-based buffer overflow that enables remote attackers to execute arbitrary code on the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22519

vdb-entryx_refsource_XF

http://www.idefense.com/application/poi/display?id=314&ty...

third-party-advisoryx_refsource_IDEFENSE

http://www.securityfocus.com/bid/15001

vdb-entryx_refsource_BID

EPSS Score

22% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2005
Vulnerability Reserved
Aug 31, 2005