Vulnerability Name:

CVE-2005-1346 (CCN-20294)

Assigned:2005-04-27
Published:2005-04-27
Updated:2008-09-05
Summary:Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2005-1346

Source: CCN
Type: Symantec Security Response SYM05-007
Symantec AntiVirus RAR archive bypass

Source: CONFIRM
Type: Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html

Source: CCN
Type: OSVDB ID: 15906
Symantec Multiple Products RAR Archive Virus Detection Bypass

Source: CCN
Type: BID-13416
Symantec AntiVirus RAR Archive Scan Evasion Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
symantec-rar-detection-bypass(20294)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:4.0.5.66:*:smtp:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:4.5.4.743:*:exchange:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2005_11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005_contains_nav_11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2005_contains_nav_11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:symav_filter_domino_nt:3.1.1.87:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:web_security:3.0.1.72:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:4.5.4.743::exchange:*:*:*:*:*
  • OR cpe:/a:symantec:web_security:3.0.1.72:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:4.0.5.66::smtp:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec antivirus scan engine 4.3.7.27
    symantec mail security 4.0.5.66
    symantec mail security 4.5.4.743
    symantec norton antivirus 2005_11.0.0
    symantec norton internet security 2005_contains_nav_11.0.0
    symantec norton system works 2005_contains_nav_11.0.0
    symantec symav filter domino nt 3.1.1.87
    symantec web security 3.0.1.72
    symantec norton antivirus 2005
    symantec norton internet security 2005
    symantec antivirus scan engine 4.3.7.27
    symantec norton system works 2005
    symantec mail security 4.5.4.743
    symantec web security 3.0.1.72
    symantec mail security 4.0.5.66