Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2005-0249
HistoryFeb 08, 2005 - 5:00 a.m.

CVE-2005-0249

2005-02-0805:00:00
mitre
web.nvd.nist.gov
32
cve-2005-0249
symantec antivirus library
buffer overflow
remote code execution
upx compressed file

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

Affected configurations

Nvd
Node
symantecantivirus_scan_engineRange<4.3.3
OR
symantecbrightmail_antispamMatch4.0
OR
symantecbrightmail_antispamMatch5.5
OR
symantecclient_securityMatch1.0.1_build_8.01.434mr3
OR
symantecclient_securityMatch1.0.1_build_8.01.437
OR
symantecclient_securityMatch1.0.1_build_8.01.446mr4
OR
symantecclient_securityMatch1.0.1_build_8.01.457mr5
OR
symantecclient_securityMatch1.0.1_build_8.01.460mr6
OR
symantecclient_securityMatch1.0.1_build_8.01.464mr7
OR
symantecclient_securityMatch1.0.1_build_8.01.471mr8
OR
symantecclient_securityMatch1.1.1_mr1_build_8.1.1.314a
OR
symantecclient_securityMatch1.1.1_mr2_build_8.1.1.319
OR
symantecclient_securityMatch1.1.1_mr3_build_8.1.1.323
OR
symantecclient_securityMatch1.1.1_mr4_build_8.1.1.329
OR
symantecclient_securityMatch1.1.1_mr5_build_8.1.1.336
OR
symantecgateway_securityMatch1.0
OR
symantecgateway_securityMatch2.0
OR
symantecgateway_securityMatch2.0.1
OR
symantecmail_securityMatch4.0domino
OR
symantecmail_securityMatch4.1build_458exchange
OR
symantecmail_securityMatch4.1build_459exchange
OR
symantecmail_securityMatch4.1build_461exchange
OR
symantecmail_securityMatch4.5_build_719exchange
OR
symantecnorton_antivirusMatch2.18_build_83exchange
OR
symantecnorton_antivirusMatch8.1.1.319corporate
OR
symantecnorton_antivirusMatch8.1.1.323corporate
OR
symantecnorton_antivirusMatch8.1.1.329corporate
OR
symantecnorton_antivirusMatch8.1.1_build8.1.1.314acorporate
OR
symantecnorton_antivirusMatch8.01.434corporate
OR
symantecnorton_antivirusMatch8.01.437corporate
OR
symantecnorton_antivirusMatch8.01.446corporate
OR
symantecnorton_antivirusMatch8.01.457corporate
OR
symantecnorton_antivirusMatch8.01.460corporate
OR
symantecnorton_antivirusMatch8.01.464corporate
OR
symantecnorton_antivirusMatch8.01.471corporate
OR
symantecnorton_antivirusMatch9.0macintosh_corporate
OR
symantecnorton_antivirusMatch2004windows
OR
symantecnorton_internet_securityMatch2004professional
OR
symantecnorton_system_worksMatch2004windows
OR
symantecsav_filter_domino_nt_portsMatchbuild3.0.5aix
OR
symantecsav_filter_domino_nt_portsMatchbuild3.0.5os_400
OR
symantecsav_filter_for_domino_ntMatch3.1.1
OR
symantecweb_securityMatch3.01.59
OR
symantecweb_securityMatch3.01.60
OR
symantecweb_securityMatch3.01.61
OR
symantecweb_securityMatch3.01.62
OR
symantecweb_securityMatch3.01.63
OR
symantecweb_securityMatch3.01.67
OR
symantecweb_securityMatch3.01.68
VendorProductVersionCPE
symantecantivirus_scan_engine*cpe:2.3:a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:*
symantecbrightmail_antispam4.0cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*
symantecbrightmail_antispam5.5cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.434cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.437cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.446cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.457cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.460cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.464cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.471cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*
Rows per page:
1-10 of 491

Related

symantec 1
cvelist 1
nvd 1
securityvulns 1
canvas 1
cert 1
symantec
symantec
Symantec UPX Parsing Engine Heap Overflow
2005-02-08 08:00:00
cvelist
cvelist
CVE-2005-0249
2005-02-08 05:00:00
nvd
nvd
CVE-2005-0249
2005-02-08 05:00:00
securityvulns
securityvulns
SYM05-003 Symantec UPX Parsing Engine Heap Overflow
2005-02-12 00:00:00
canvas
canvas
Immunity Canvas: NORTON_UPX
2005-02-08 05:00:00
cert
cert
Symantec products vulnerable to buffer overflow via a specially crafted UPX file
2005-02-10 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON
Related for CVE-2005-0249
symantec1cvelist1nvd1securityvulns1canvas1cert1