Arbitrary Code Execution via Negative Values in Symantec AntiVirus Scan Engine Administrative Interface

Arbitrary Code Execution via Negative Values in Symantec AntiVirus Scan Engine Administrative Interface

CVE-2005-2758 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

Learn more about our Web Application Penetration Testing UK.