Описание
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Ссылки
- PatchVendor Advisory
- US Government Resource
- PatchVendor Advisory
- PatchVendor Advisory
- US Government Resource
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.23973
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
EPSS
Процентиль: 96%
0.23973
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other