CVE-2005-2758

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

Published: Oct 5, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2758
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / antivirus_scan_engine	4.3	4.3.x
symantec / antivirus_scan_engine	4.0	4.0.x
symantec / antivirus_scan_engine_for_network_attached_storage	4.3	4.3.x

http://secunia.com/advisories/17049
http://securityreason.com/securityalert/48
http://securitytracker.com/id?1015001
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
http://www.kb.cert.org/vuls/id/849209
http://www.osvdb.org/19854
http://www.securityfocus.com/bid/15001
http://www.symantec.com/avcenter/security/Content/2005.10.04.html
http://www.vupen.com/english/advisories/2005/1954
https://exchange.xforce.ibmcloud.com/vulnerabilities/22519

Vulnerability Database

289,697

CVE-2005-2758