CVE-2005-4438

Опубликовано: 21 дек. 2005

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

Ссылки

http://secunia.com/advisories/18131
Vendor Advisory
http://securityreason.com/securityalert/276
http://securitytracker.com/id?1015384
http://www.kb.cert.org/vuls/id/305272
US Government Resource
http://www.rem0te.com/public/images/symc2.pdf
Vendor Advisory
http://www.securityfocus.com/archive/1/419853/100/0/threaded
http://www.securityfocus.com/bid/15971
http://www.vupen.com/english/advisories/2005/3003
http://secunia.com/advisories/18131
Vendor Advisory
http://securityreason.com/securityalert/276
http://securitytracker.com/id?1015384
http://www.kb.cert.org/vuls/id/305272
US Government Resource
http://www.rem0te.com/public/images/symc2.pdf
Vendor Advisory
http://www.securityfocus.com/archive/1/419853/100/0/threaded
http://www.securityfocus.com/bid/15971
http://www.vupen.com/english/advisories/2005/3003

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dec2rar.dll:dec2rar.dll:3.2.14.3:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.1079

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gw4v-549p-9jgg

github

почти 4 года назад