Arbitrary Code Execution via Negative Values in Symantec AntiVirus Scan Engine Administrative Interface
CVE-2005-2758 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Learn more about our Web Application Penetration Testing UK.