Information Disclosure Vulnerability in Kaspersky Anti-Virus and Internet Security
CVE-2007-1879
Currently unrated
Key Information:
- Vendor
kaspersky
- Vendor
- CVE Published:
- 6 April 2007
What is CVE-2007-1879?
An information disclosure vulnerability exists in the StartUploading function of the KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 prior to Maintenance Pack 2 build 6.0.2.614. This flaw enables remote attackers to exploit an outbound anonymous FTP session to read arbitrary files by invoking the PUT command. This issue may also be associated with related vulnerabilities, increasing potential risks for affected users.