Vulnerability Name: | CVE-2007-4206 (CCN-35782) | ||||||||
Assigned: | 2007-08-01 | ||||||||
Published: | 2007-08-01 | ||||||||
Updated: | 2017-07-29 | ||||||||
Summary: | Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-4206 Source: OSVDB Type: UNKNOWN 37216 Source: CCN Type: SA26312 Kaspersky Anti-Spam Insecure File Permissions Source: SECUNIA Type: Vendor Advisory 26312 Source: CCN Type: Kaspersky Web site Kaspersky Anti-Spam 3.0 MP1 Critical Fix 2 (3.0.278.4) Source: CONFIRM Type: UNKNOWN http://www.kaspersky.com/technews?id=203038705 Source: CCN Type: OSVDB ID: 37216 Kaspersky Anti-Spam Upgrade Insecure File Permission Weakness Local Privilege Escalation Source: BID Type: Patch 25189 Source: CCN Type: BID-25189 Kaspersky Anti-Spam Insecure File Permissions Vulnerability Source: XF Type: UNKNOWN kaspersky-antispam-insecure-permissions(35782) Source: XF Type: UNKNOWN kaspersky-antispam-insecure-permissions(35782) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |