CVE-2007-1879

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 6 April 2007

Summary

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/advisories/24778

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1017871

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Apr 5, 2007