CVE-2007-1112

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 6 April 2007

Summary

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

References

http://www.securitytracker.com/id?1017884

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id?1017885

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/24778

third-party-advisoryx_refsource_SECUNIA

EPSS Score

4% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Feb 26, 2007