CVE-2005-0249

Description

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

Affected products

• Symantec / antivirus_scan_engine4.3.3
• Symantec / brightmail_antispam4.0 – 4.0
• Symantec / brightmail_antispam5.5 – 5.5
• Symantec / client_security1.0.1_build_8.01.446 – 1.0.1_build_8.01.446
• Symantec / client_security1.0.1_build_8.01.457 – 1.0.1_build_8.01.457
• Symantec / client_security1.0.1_build_8.01.460 – 1.0.1_build_8.01.460
• Symantec / client_security1.0.1_build_8.01.464 – 1.0.1_build_8.01.464
• Symantec / client_security1.0.1_build_8.01.471 – 1.0.1_build_8.01.471
• Symantec / client_security1.1.1_mr1_build_8.1.1.314a – 1.1.1_mr1_build_8.1.1.314a
• Symantec / client_security1.0.1_build_8.01.434 – 1.0.1_build_8.01.434
• Symantec / client_security1.0.1_build_8.01.437 – 1.0.1_build_8.01.437
• Symantec / client_security1.1.1_mr2_build_8.1.1.319 – 1.1.1_mr2_build_8.1.1.319
• Symantec / client_security1.1.1_mr3_build_8.1.1.323 – 1.1.1_mr3_build_8.1.1.323
• Symantec / client_security1.1.1_mr4_build_8.1.1.329 – 1.1.1_mr4_build_8.1.1.329
• Symantec / client_security1.1.1_mr5_build_8.1.1.336 – 1.1.1_mr5_build_8.1.1.336
• Symantec / gateway_security2.0.1 – 2.0.1
• Symantec / gateway_security2.0 – 2.0
• Symantec / gateway_security1.0 – 1.0
• Symantec / mail_security4.1 – 4.1
• Symantec / mail_security4.5_build_719 – 4.5_build_719
• Symantec / mail_security4.1 – 4.1
• Symantec / mail_security4.0 – 4.0
• Symantec / mail_security4.1 – 4.1
• Symantec / norton_antivirus8.01.446 – 8.01.446
• Symantec / norton_antivirus2.18_build_83 – 2.18_build_83
• Symantec / norton_antivirus8.1.1.319 – 8.1.1.319
• Symantec / norton_antivirus8.1.1.323 – 8.1.1.323
• Symantec / norton_antivirus8.1.1.329 – 8.1.1.329
• Symantec / norton_antivirus8.1.1_build8.1.1.314a – 8.1.1_build8.1.1.314a
• Symantec / norton_antivirus8.01.434 – 8.01.434
• Symantec / norton_antivirus8.01.437 – 8.01.437
• Symantec / norton_antivirus8.01.457 – 8.01.457
• Symantec / norton_antivirus8.01.460 – 8.01.460
• Symantec / norton_antivirus8.01.464 – 8.01.464
• Symantec / norton_antivirus8.01.471 – 8.01.471
• Symantec / norton_antivirus9.0 – 9.0
• Symantec / norton_antivirus2004 – 2004
• Symantec / norton_internet_security2004 – 2004
• Symantec / norton_system_works2004 – 2004
• Symantec / sav_filter_domino_nt_portsbuild3.0.5 – build3.0.5
• Symantec / sav_filter_domino_nt_portsbuild3.0.5 – build3.0.5
• Symantec / sav_filter_for_domino_nt3.1.1 – 3.1.1
• Symantec / web_security3.01.59 – 3.01.59
• Symantec / web_security3.01.60 – 3.01.60
• Symantec / web_security3.01.61 – 3.01.61
• Symantec / web_security3.01.62 – 3.01.62
• Symantec / web_security3.01.63 – 3.01.63
• Symantec / web_security3.01.67 – 3.01.67
• Symantec / web_security3.01.68 – 3.01.68

References

• MISChttp://www.kb.cert.org/vuls/id/107822
• MISChttp://xforce.iss.net/xforce/alerts/id/187
• MISChttp://securitytracker.com/id?1013133
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18869
• MISChttp://www.symantec.com/avcenter/security/Content/2005.02.08.html