Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
Conclusion & alert: CVE-2005-0249 is rated High Risk (68.9/100): CVSS High severity, with high exploitation likelihood (EPSS 18.83%, 97th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +8.23% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 10.60% | 18.83% | +8.23% |
| 2 | 2025-03-30 | 7.59% | 10.60% | +3.01% |
| 3 | 2025-03-29 | — | 7.59% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| symantec | antivirus_scan_engine | < 4.3.3 | cpe:2.3:a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:* |
| symantec | brightmail_antispam | 4.0 | cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:* |
| symantec | brightmail_antispam | 5.5 | cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.434 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.437 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.446 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.457 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.460 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.464 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:* |
| symantec | client_security | 1.0.1_build_8.01.471 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:* |
| symantec | client_security | 1.1.1_mr1_build_8.1.1.314a | cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:* |
| symantec | client_security | 1.1.1_mr2_build_8.1.1.319 | cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:* |
| symantec | client_security | 1.1.1_mr3_build_8.1.1.323 | cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:* |
| symantec | client_security | 1.1.1_mr4_build_8.1.1.329 | cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:* |
| symantec | client_security | 1.1.1_mr5_build_8.1.1.336 | cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:* |
| symantec | gateway_security | 1.0 | cpe:2.3:a:symantec:gateway_security:1.0:*:*:*:*:*:*:* |
| symantec | gateway_security | 2.0 | cpe:2.3:a:symantec:gateway_security:2.0:*:*:*:*:*:*:* |
| symantec | gateway_security | 2.0.1 | cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:* |
| symantec | mail_security | 4.0 | cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:* |
| symantec | mail_security | 4.1 | cpe:2.3:a:symantec:mail_security:4.1:build_458:exchange:*:*:*:*:* |
| symantec | mail_security | 4.1 | cpe:2.3:a:symantec:mail_security:4.1:build_459:exchange:*:*:*:*:* |
| symantec | mail_security | 4.1 | cpe:2.3:a:symantec:mail_security:4.1:build_461:exchange:*:*:*:*:* |
| symantec | mail_security | 4.5_build_719 | cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:* |
| symantec | norton_antivirus | 2.18_build_83 | cpe:2.3:a:symantec:norton_antivirus:2.18_build_83:*:exchange:*:*:*:*:* |
| symantec | norton_antivirus | 8.1.1.319 | cpe:2.3:a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.1.1.323 | cpe:2.3:a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.1.1.329 | cpe:2.3:a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.1.1_build8.1.1.314a | cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.434 | cpe:2.3:a:symantec:norton_antivirus:8.01.434:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.437 | cpe:2.3:a:symantec:norton_antivirus:8.01.437:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.446 | cpe:2.3:a:symantec:norton_antivirus:8.01.446:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.457 | cpe:2.3:a:symantec:norton_antivirus:8.01.457:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.460 | cpe:2.3:a:symantec:norton_antivirus:8.01.460:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.464 | cpe:2.3:a:symantec:norton_antivirus:8.01.464:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 8.01.471 | cpe:2.3:a:symantec:norton_antivirus:8.01.471:*:corporate:*:*:*:*:* |
| symantec | norton_antivirus | 9.0 | cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh_corporate:*:*:*:*:* |
| symantec | norton_antivirus | 2004 | cpe:2.3:a:symantec:norton_antivirus:2004:*:windows:*:*:*:*:* |
| symantec | norton_internet_security | 2004 | cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:* |
| symantec | norton_system_works | 2004 | cpe:2.3:a:symantec:norton_system_works:2004:*:windows:*:*:*:*:* |
| symantec | sav_filter_domino_nt_ports | build3.0.5 | cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:aix:*:*:*:*:* |
| symantec | sav_filter_domino_nt_ports | build3.0.5 | cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:os_400:*:*:*:*:* |
| symantec | sav_filter_for_domino_nt | 3.1.1 | cpe:2.3:a:symantec:sav_filter_for_domino_nt:3.1.1:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.59 | cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.60 | cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.61 | cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.62 | cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.63 | cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.67 | cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:* |
| symantec | web_security | 3.01.68 | cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013133 | Third Party Advisory VDB Entry |
| http://www.kb.cert.org/vuls/id/107822 | Patch Third Party Advisory US Government Resource |
| http://www.symantec.com/avcenter/security/Content/2005.02.08.html | Patch Vendor Advisory |
| http://xforce.iss.net/xforce/alerts/id/187 | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18869 | VDB Entry |