CVE-2005-2758 : Integer signedness error in the administrative interface for Symantec AntiVirus

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

Published 2005-10-05 19:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2005-2758

Symantec » Antivirus Scan Engine » Version: 4.3 Clearswift Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3 Microsoft Sharepoint Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3 Caching Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Netapp Filer Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Netapp Netcache Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Bluecoat Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Clearswift Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine For Network Attached Storage » Version: 4.3
cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2758

EPSS FAQ

22.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2758

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2005-2758

http://www.securityfocus.com/bid/15001
http://www.symantec.com/avcenter/security/Content/2005.10.04.html

Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/849209

US Government Resource
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
http://securityreason.com/securityalert/48
http://www.osvdb.org/19854
http://secunia.com/advisories/17049
http://www.vupen.com/english/advisories/2005/1954
http://securitytracker.com/id?1015001

Jump to

Vulnerability Details : CVE-2005-2758

Products affected by CVE-2005-2758

Exploit prediction scoring system (EPSS) score for CVE-2005-2758

CVSS scores for CVE-2005-2758

References for CVE-2005-2758