Information Disclosure Vulnerability in Kaspersky Anti-Virus and Internet Security
CVE-2007-1879

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 6 April 2007

Summary

An information disclosure vulnerability exists in the StartUploading function of the KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 prior to Maintenance Pack 2 build 6.0.2.614. This flaw enables remote attackers to exploit an outbound anonymous FTP session to read arbitrary files by invoking the PUT command. This issue may also be associated with related vulnerabilities, increasing potential risks for affected users.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/advisories/24778

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1017871

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Apr 5, 2007