CVE-2005-2758: Buffer Overflow
First published: Wed Oct 05 2005(Updated: )
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.3 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.3 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.0 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.0 | |
| Symantec AntiVirus Scan Engine for Network Attached Storage | =4.3 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.0 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.0 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.3 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.0 | |
| Symantec Antivirus Scan Engine for Microsoft SharePoint | =4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
- http://www.symantec.com/avcenter/security/Content/2005.10.04.html
- http://www.kb.cert.org/vuls/id/849209
- http://securitytracker.com/id?1015001
- http://www.securityfocus.com/bid/15001
- http://secunia.com/advisories/17049
- http://www.osvdb.org/19854
- http://securityreason.com/securityalert/48
- http://www.vupen.com/english/advisories/2005/1954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
Frequently Asked Questions
What is the severity of CVE-2005-2758?
CVE-2005-2758 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2005-2758?
To fix CVE-2005-2758, upgrade to a patched version of the Symantec AntiVirus Scan Engine that addresses this vulnerability.
What versions of Symantec AntiVirus are affected by CVE-2005-2758?
CVE-2005-2758 affects versions 4.0 and 4.3 of the Symantec AntiVirus Scan Engine.
Can CVE-2005-2758 be exploited remotely?
Yes, CVE-2005-2758 can be exploited remotely through crafted HTTP headers.
What types of attacks does CVE-2005-2758 allow?
CVE-2005-2758 allows attackers to execute arbitrary code due to a heap-based buffer overflow.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/symantec antivirus scan engine for microsoft sharepoint
- version/symantec antivirus scan engine for microsoft sharepoint/4.3
- version/symantec antivirus scan engine for microsoft sharepoint/4.0
- canonical/symantec antivirus scan engine for network attached storage
- version/symantec antivirus scan engine for network attached storage/4.3