CVE-2005-0249 (GCVE-0-2005-0249)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
CWE
  • n/a
Summary
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:05:25.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#107822",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/107822"
          },
          {
            "name": "20050208 Symantec AntiVirus Library Heap Overflow",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://xforce.iss.net/xforce/alerts/id/187"
          },
          {
            "name": "1013133",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013133"
          },
          {
            "name": "upx-engine-gain-control(18869)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#107822",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/107822"
        },
        {
          "name": "20050208 Symantec AntiVirus Library Heap Overflow",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://xforce.iss.net/xforce/alerts/id/187"
        },
        {
          "name": "1013133",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013133"
        },
        {
          "name": "upx-engine-gain-control(18869)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#107822",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/107822"
            },
            {
              "name": "20050208 Symantec AntiVirus Library Heap Overflow",
              "refsource": "ISS",
              "url": "http://xforce.iss.net/xforce/alerts/id/187"
            },
            {
              "name": "1013133",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013133"
            },
            {
              "name": "upx-engine-gain-control(18869)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
            },
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0249",
    "datePublished": "2005-02-08T05:00:00",
    "dateReserved": "2005-02-08T00:00:00",
    "dateUpdated": "2024-08-07T21:05:25.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-0249\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-02-08T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.3\",\"matchCriteriaId\":\"5797D88E-6D89-46F9-AC32-154754D6B856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95436CD6-8E9C-4F89-9683-0650F6167027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC910CFD-9F20-473E-BC2D-64A7A3C14404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE15AE1D-8647-444F-90F0-FC658A3AC344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C03FA86-F2E6-4E41-8368-E917C91D7837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BF74F0-40F1-4395-AC85-E6B566950C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*\",\"matchCriteriaId\":\"994CB184-AFE8-4673-ACE8-085813F1E71F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CF6FFB-4189-4558-A70D-DE6D4C0C1F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*\",\"matchCriteriaId\":\"31D6A148-A92C-4FCA-8762-16764D62C363\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E6E2EA2-88DA-4DF0-9AA3-3E3D2C80C04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB47C16B-5221-4D64-BDB2-65D072A66C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204F2046-F116-45D7-9256-179A3B59886A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD0C67C0-3CF1-4BAD-A673-9B783E1D0724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274EA5DA-9519-46DE-B11E-87BDF1978E14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044C020A-0BCC-4037-BC32-73385A0BE019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:gateway_security:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A939A3CE-BFBB-4950-A0D3-D5731AABF602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:gateway_security:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC7324C-0415-4349-A625-04A8209D7709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"031C9545-1CF1-46EF-B79C-7AD69E1B1C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*\",\"matchCriteriaId\":\"DA6CFDFD-1EB4-458A-AD39-320E619593D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:mail_security:4.1:build_458:exchange:*:*:*:*:*\",\"matchCriteriaId\":\"15436586-B0EE-40F4-9051-90953CF3684D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:mail_security:4.1:build_459:exchange:*:*:*:*:*\",\"matchCriteriaId\":\"96290C64-A507-46B6-908D-AD567A21899F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:mail_security:4.1:build_461:exchange:*:*:*:*:*\",\"matchCriteriaId\":\"2955A350-222F-4AD9-9745-9468D46503F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*\",\"matchCriteriaId\":\"5CA62889-7A55-459F-BFD8-D38CD93F9219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2.18_build_83:*:exchange:*:*:*:*:*\",\"matchCriteriaId\":\"3E906A81-4081-438E-948C-FC82BF7203F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"E626F14C-FDE9-4C6A-8CE7-B99CD4FEE485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"EC4CFE5A-4D51-405D-B92E-37DE4E617ABE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"727A116A-D18C-4F3F-A6A8-2C6107FFB8C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"4A6612F1-4CA8-427A-AED4-854F943BA3D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.434:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"8BB225A0-7FB9-4AD2-8ED2-5CC1AEBAAB3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.437:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"9603C423-F24A-4607-B721-D02EDA94AE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.446:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"574AAAA6-8181-457B-84CE-5AEB1895E3B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.457:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"DF957AD3-B6E5-4BD7-832F-33E734817B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.460:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"14D862F4-BE5F-4E6B-9955-ACFB48A5D3B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.464:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"768B7F5E-E4AD-420E-92FA-A58E1AE3D1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:8.01.471:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"C15B7FEA-E6A9-4DBE-B1A9-E17E91512A77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh_corporate:*:*:*:*:*\",\"matchCriteriaId\":\"DFD3D01C-9169-4CFE-9EA0-61D32BFA8943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2004:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"A7FC3B67-D36C-4C9F-B5DC-8FBE3D6E9E29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*\",\"matchCriteriaId\":\"09CA1AC8-E273-44C1-9D1C-19542EB57433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2004:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"676BCD67-231B-409B-AE6B-D00314C30C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"20030FF8-7275-4AFB-A051-C78F3D3990D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:os_400:*:*:*:*:*\",\"matchCriteriaId\":\"4CD83506-91E9-4556-A993-8FDD31FBDF24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:sav_filter_for_domino_nt:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4004DB50-022B-48C9-B9E5-5110DF37A0B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05B8522-E203-49A0-8C5B-3DA7B06AF5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FD064CE-3C39-4243-B59E-CC8E48ED50DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9886B467-793C-4D07-9B1B-B80FA5266D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"676F5A96-B21B-49FF-86EA-F18F9C3931C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18991132-C5B6-43AB-BDCB-196BB2957F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42CE2596-83A9-4A80-A8C6-825EDEAAB8B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBA16BAF-6263-44EA-B3EB-187264913D8D\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1013133\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/107822\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2005.02.08.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/187\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18869\",\"source\":\"cve@mitre.org\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1013133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/107822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2005.02.08.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.