Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/24778 - Patch, Vendor Advisory | |
References | () http://www.kaspersky.com/technews?id=203038694 - Patch | |
References | () http://www.securityfocus.com/archive/1/464882/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/23345 - | |
References | () http://www.securitytracker.com/id?1017884 - | |
References | () http://www.securitytracker.com/id?1017885 - | |
References | () http://www.vupen.com/english/advisories/2007/1268 - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-07-014.html - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33464 - |
Information
Published : 2007-04-06 00:19
Updated : 2024-11-21 00:27
NVD link : CVE-2007-1112
Mitre link : CVE-2007-1112
CVE.ORG link : CVE-2007-1112
JSON object : View
Products Affected
kaspersky_lab
- kaspersky_internet_security
- kaspersky_anti-virus
CWE