ActiveX Vulnerability in Kaspersky Anti-Virus and Internet Security Products
CVE-2007-1112

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 6 April 2007

Summary

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 are affected by a vulnerability that exposes unsafe methods in two ActiveX controls, AxKLProd60.dll and AxKLSysInfo.dll. This flaw allows remote attackers to execute crafted commands that can result in unauthorized downloading or deletion of arbitrary files. Exploitation occurs through manipulation of methods such as DeleteFile, StartBatchUploading, StartStrBatchUploading, or StartUploading. Users should prioritize updates to mitigate potential security risks.

References

http://www.securitytracker.com/id?1017884

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id?1017885

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/24778

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Feb 26, 2007