CVE-2005-2758 - Buffer Overflow vulnerability in Symantec products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Nessus
NASL family | Windows |
NASL id | SYMANTEC_SCAN_ENGINE_SYM05_017.NASL |
description | The remote host has a version of Symantec AntiVirus Scan Engine installed that is affected by a buffer overflow vulnerability in the web-based administrative interface. By sending a specially crafted request, a remote attacker may be able to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67229 |
published | 2013-07-10 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67229 |
title | Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow |
References
- http://secunia.com/advisories/17049
- http://securityreason.com/securityalert/48
- http://securitytracker.com/id?1015001
- http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/849209
- http://www.osvdb.org/19854
- http://www.securityfocus.com/bid/15001
- http://www.symantec.com/avcenter/security/Content/2005.10.04.html
- http://www.vupen.com/english/advisories/2005/1954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22519