CVE-2005-4438

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.rem0te.com/public/images/symc2.pdf	Vendor Advisory
http://secunia.com/advisories/18131	Vendor Advisory
http://www.kb.cert.org/vuls/id/305272	US Government Resource
http://www.securityfocus.com/bid/15971
http://securitytracker.com/id?1015384
http://securityreason.com/securityalert/276
http://www.vupen.com/english/advisories/2005/3003
http://www.securityfocus.com/archive/1/419853/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:dec2rar.dll:dec2rar.dll:3.2.14.3:*:*:*:*:*:*:*

Information

Published : 2005-12-20 17:03

Updated : 2018-10-19 08:40

NVD link : CVE-2005-4438

Mitre link : CVE-2005-4438

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

dec2rar.dll

dec2rar.dll

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.rem0te.com/public/images/symc2.pdf", "name": "http://www.rem0te.com/public/images/symc2.pdf", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/18131", "name": "18131", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/305272", "name": "VU#305272", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/15971", "name": "15971", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015384", "name": "1015384", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/276", "name": "276", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2005/3003", "name": "ADV-2005-3003", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/419853/100/0/threaded", "name": "20051220 Symantec Antivirus Library Remote Heap Overflows", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4438", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-21T01:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dec2rar.dll:dec2rar.dll:3.2.14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:40Z"}