Vulnerability CVE-2005-0249 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0249 (CCN-18869)

Assigned:

2005-02-08

Published:

2005-02-08

Updated:

2019-09-20

Summary:

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-0249

Source: CCN
Type: SECTRACK ID: 1013133
Symantec Norton Anti-Virus Buffer Overflow in DEC2EXE in Parsing UPX Compressed Files Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1013133

Source: CCN
Type: US-CERT VU#107822
Symantec products vulnerable to buffer overflow via a specially crafted UPX file

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#107822

Source: CCN
Type: OSVDB ID: 13647
Symantec Multiple Products UPX DEC2EXE Parsing Routine Overflow

Source: CCN
Type: BID-12492
Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

Source: CCN
Type: Symantec Security Response SYM05-003
Symantec UPX Parsing Engine Heap Overflow

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2005.02.08.html

Source: CCN
Type: Internet Security Systems Protection Advisory February 8, 2005
Symantec AntiVirus Library Heap Overflow

Source: ISS
Type: Patch, Vendor Advisory
20050208 Symantec AntiVirus Library Heap Overflow

Source: XF
Type: UNKNOWN
upx-engine-gain-control(18869)

Source: XF
Type: VDB Entry
upx-engine-gain-control(18869)

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:* (Version < 4.3.3)

OR cpe:/a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:*

OR cpe:/a:symantec:gateway_security:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:gateway_security:2.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.0:*:domino:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.1:build_458:exchange:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.1:build_459:exchange:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.1:build_461:exchange:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2.18_build_83:*:exchange:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.434:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.437:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.446:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.457:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.460:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.464:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:8.01.471:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:9.0:*:macintosh_corporate:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2004:*:windows:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2004:*:windows:*:*:*:*:*

OR cpe:/a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:aix:*:*:*:*:*

OR cpe:/a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:os_400:*:*:*:*:*

OR cpe:/a:symantec:sav_filter_for_domino_nt:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.59:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.60:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.61:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.62:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.63:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.67:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.68:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:symantec:gateway_security:2.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2004::professional:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:gateway_security:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus_scan_engine:4.3.3:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.62:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:3.0::macintosh:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:3.0::macintosh:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:9.0::macintosh:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.0::domino:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.68:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.67:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.63:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.61:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.60:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_security:3.01.59:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2.18_build_83::exchange:*:*:*:*:*

OR cpe:/a:symantec:sav_filter_for_domino_nt:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:mail_security:4.0.2::smtp:*:*:*:*:*

OR cpe:/a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable