| Vulnerability Name: | CVE-2007-1112 (CCN-33464) | ||||||||
| Assigned: | 2007-04-04 | ||||||||
| Published: | 2007-04-04 | ||||||||
| Updated: | 2018-10-16 | ||||||||
| Summary: | Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-1112 Source: MITRE Type: CNA CVE-2007-1879 Source: CCN Type: SA24778 Kaspersky Products Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 24778 Source: CCN Type: SECTRACK ID: 1017871 Kaspersky Anti-Virus `AxKLSysInfo.dll` ActiveX Control Lets Remote Users View Files Source: CCN Type: SECTRACK ID: 1017884 Kaspersky Anti-Virus ActiveX Controls Let Remote Users View and Delete Files Source: CCN Type: SECTRACK ID: 1017885 Kaspersky Internet Security ActiveX Controls Let Remote Users View and Delete Files Source: CCN Type: Kaspersky Anti-Virus and Internet Security Web site Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fixed in Maintenance Pack 2.0 build 6.0.2.614 Source: CONFIRM Type: Patch http://www.kaspersky.com/technews?id=203038694 Source: CCN Type: OSVDB ID: 33849 Kaspersky Multiple Products AXKLPROD60Lib.KAV60Info ActiveX Multiple Method Arbitrary File Manipulation Source: CCN Type: OSVDB ID: 33850 Kaspersky Multiple Products AXKLSYSINFOLib.SysInfo ActiveX Multiple Method Arbitrary File Manipulation Source: CCN Type: OSVDB ID: 34328 Kaspersky Multiple Products KL.SysInfo ActiveX (AxKLSysInfo.dll) StartUploading Function Arbitrary File Access Source: BUGTRAQ Type: UNKNOWN 20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity Source: CCN Type: BID-23325 Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File Exfiltration Vulnerability Source: BID Type: UNKNOWN 23345 Source: CCN Type: BID-23345 Kaspersky AntiVirus Prod60 ActiveX Control Arbitrary File Exfiltration Vulnerability Source: SECTRACK Type: UNKNOWN 1017884 Source: SECTRACK Type: UNKNOWN 1017885 Source: VUPEN Type: UNKNOWN ADV-2007-1268 Source: MISC Type: Vendor Advisory http://www.zerodayinitiative.com/advisories/ZDI-07-014.html Source: XF Type: UNKNOWN kaspersky-multiple-unsafe-info-disclosure(33464) Source: XF Type: UNKNOWN kaspersky-startuploading-info-disclosure(33464) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 04.04.07 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability Source: CCN Type: ZDI-07-014 Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||