Lucene search

[email protected]NVD:CVE-2005-3217

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3217

2005-10-1410:02:00

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

54.3%

JSON

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

Affected configurations

Nvd

Node

symantecantivirus_scan_engine

VendorProductVersionCPE
symantecantivirus_scan_engine*cpe:2.3:a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	antivirus_scan_engine	*	cpe:2.3:a:symantec:antivirus_scan_engine::::::::

References

marc.info/?l=bugtraq&m=112879611919750&w=2

shadock.net/secubox/AVCraftedArchive.html

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

54.3%

JSON

Related for NVD:CVE-2005-3217

cve1 cvelist1