Vulnerability in Symantec Antivirus_scan_engine
CVE-2005-2758
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer over…
EPSS: 0.134 (95.9th percentile) — read the EPSS interpretation.
Affected products
- Symantec Antivirus_scan_engine — versions 4.0, 4.3
- Symantec Antivirus_scan_engine_for_network_attached_storage — versions 4.3
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_IDEFENSE, Patch, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)