CVE-2005-2758
Summary
| CVE | CVE-2005-2758 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-10-05 19:02:00 UTC |
| Updated | 2017-07-11 01:32:00 UTC |
| Description | Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | All | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | bluecoat | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | clearswift | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | netapp_filer | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | netapp_netcache | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | All | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | caching | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | clearswift | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | microsoft_sharepoint | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | All | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | bluecoat | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | clearswift | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | netapp_filer | All |
| Application | Symantec | Antivirus Scan Engine | 4.0 | All | netapp_netcache | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | All | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | caching | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | clearswift | All |
| Application | Symantec | Antivirus Scan Engine | 4.3 | All | microsoft_sharepoint | All |
| Application | Symantec | Antivirus Scan Engine For Network Attached Storage | 4.3 | All | All | All |
| Application | Symantec | Antivirus Scan Engine For Network Attached Storage | 4.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| US-CERT Vulnerability Note VU#849209 | CERT-VN | www.kb.cert.org | US Government Resource |
| Secunia - Advisories - Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow | SECUNIA | secunia.com | |
| SecurityReason - Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability | SREASON | securityreason.com | |
| 19854 | OSVDB | www.osvdb.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SecurityTracker.com Archives - Symantec Anti Virus Scan Engine Buffer Overflow in Web Service Lets Remote Users Execute Arbitrary Code | SECTRACK | securitytracker.com | |
| Accenture | Let there be change | IDEFENSE | www.idefense.com | Patch, Vendor Advisory |
| 404 Not Found | CONFIRM | www.symantec.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.