Description
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22519
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15001
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/849209
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/19854
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1954
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17049
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015001
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2005.10.04.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/48
Scores
EPSS
0.2397
EPSS Percentile
96.1%
Details
Status
published
Products (3)
symantec/antivirus_scan_engine
4.0 (5 CPE variants)
symantec/antivirus_scan_engine
4.3 (4 CPE variants)
symantec/antivirus_scan_engine_for_network_attached_storage
4.3
Published
Oct 05, 2005
Tracked Since
Feb 18, 2026