CVE-2005-0643

McAfee Antivirus Engine - Buffer Overflow via Crafted LHA Files

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0643. PoCs published by N4rK07IX.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in LHA (versions 1.14d to 1.14i and 1.17) to achieve arbitrary code execution. It uses a crafted LHA archive and environment variable manipulation to overwrite the return address and execute shellcode.

Description

Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.

Exploits (1)

exploitdb WORKING POC VERIFIED

by N4rK07IX · cremoteunix

https://www.exploit-db.com/exploits/24067

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in LHA (versions 1.14d to 1.14i and 1.17) to achieve arbitrary code execution. It uses a crafted LHA archive and environment variable manipulation to overwrite the return address and execute shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: LHA (1.14d to 1.14i, 1.17)

No auth needed

Prerequisites: Vulnerable LHA version installed · Ability to execute LHA on the target system · Crafted overflow.lha file

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10243

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14628

Vendor Advisory x_refsource_confirm

http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf

Scores

EPSS 0.1036

EPSS Percentile 95.1%

Details

Status published

Products (1)

mcafee/antivirus_engine 4.3.20

Published May 02, 2005

Tracked Since Feb 18, 2026