CVE-2005-2758 : Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote at

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

Published 2005-10-05 19:02:00

Updated 2017-07-11 01:32:59

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2005-2758

Probability of exploitation activity in the next 30 days: 1.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2758

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2005-2758

http://www.securityfocus.com/bid/15001
http://www.symantec.com/avcenter/security/Content/2005.10.04.html

Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/849209

US Government Resource
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
http://securityreason.com/securityalert/48
http://www.vupen.com/english/advisories/2005/1954
http://securitytracker.com/id?1015001

Products affected by CVE-2005-2758

Symantec » Antivirus Scan Engine » Version: 4.3 Clearswift Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3 Microsoft Sharepoint Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.3 Caching Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Netapp Filer Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Netapp Netcache Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Bluecoat Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine » Version: 4.0 Clearswift Edition
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
Matching versions
Symantec » Antivirus Scan Engine For Network Attached Storage » Version: 4.3
cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2758

Exploit prediction scoring system (EPSS) score for CVE-2005-2758

CVSS scores for CVE-2005-2758

References for CVE-2005-2758

Products affected by CVE-2005-2758