CVE-2005-4438

Sažetak

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

Reference

http://secunia.com/advisories/18131
http://securityreason.com/securityalert/276
http://securitytracker.com/id?1015384
http://www.kb.cert.org/vuls/id/305272
http://www.rem0te.com/public/images/symc2.pdf
http://www.securityfocus.com/archive/1/419853/100/0/threaded
http://www.securityfocus.com/bid/15971
http://www.vupen.com/english/advisories/2005/3003

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:40

Objavljeno

21-12-2005 - 01:03