2 results (0.003 seconds)

CVSS: 6.8EPSS: 3%CPEs: 13EXPL: 0

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). Vulnerabilidad de Desbordamiento de búfer basado en pila en Symantec Decomposer incluído en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP) • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667 http://secunia.com/advisories/29140 http://www.securityfocus.com/bid/27913 http://www.securitytracker.com/id?1019503 http://www.symantec.com/avcenter/security/Content/2008.02.27.html http://www.vupen.com/english/advisories/2008/0680 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. • http://secunia.com/advisories/17049 http://securityreason.com/securityalert/48 http://securitytracker.com/id?1015001 http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities http://www.kb.cert.org/vuls/id/849209 http://www.osvdb.org/19854 http://www.securityfocus.com/bid/15001 http://www.symantec.com/avcenter/security/Content/2005.10.04.html http://www.vupen.com/english/advisories/2005/1954 https://exchange.xforce.ibmcloud.com/vulnerabilities/22519 •