CVE-2005-0249 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2005-0249?

CVE-2005-0249 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-0249?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Antivirus Scan Engine, Symantec Brightmail Antispam, Symantec Client Security, Symantec Gateway Security, Symantec Mail Security.

Vulnerability Description

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Symantec	Antivirus Scan Engine	< 4.3.3
Symantec	Brightmail Antispam	4.0
Symantec	Client Security	1.0.1_build_8.01.434
Symantec	Gateway Security	1.0
Symantec	Mail Security	4.0
Symantec	Norton Antivirus	2.18_build_83
Symantec	Norton Internet Security	2004
Symantec	Norton System Works	2004
Symantec	Sav Filter Domino Nt Ports	build3.0.5
Symantec	Sav Filter For Domino Nt	3.1.1
Symantec	Web Security	3.01.59

References

http://securitytracker.com/id?1013133Third Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/107822PatchThird Party AdvisoryUS Government Resource
http://www.symantec.com/avcenter/security/Content/2005.02.08.htmlPatchVendor Advisory
http://xforce.iss.net/xforce/alerts/id/187PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18869VDB Entry
http://securitytracker.com/id?1013133Third Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/107822PatchThird Party AdvisoryUS Government Resource
http://www.symantec.com/avcenter/security/Content/2005.02.08.htmlPatchVendor Advisory
http://xforce.iss.net/xforce/alerts/id/187PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18869VDB Entry

FAQ

What is CVE-2005-0249?

CVE-2005-0249 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a cr...

How severe is CVE-2005-0249?

CVE-2005-0249 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0249?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Antivirus Scan Engine, Symantec Brightmail Antispam, Symantec Client Security, Symantec Gateway Security, Symantec Mail Security.