Vulnerabilities > CVE-2007-1112 - Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows |
| NASL id | KASPERSKY_AV6_MULT_VULNS.NASL |
| description | The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25021 |
| published | 2007-04-10 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25021 |
| title | Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities |
References
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038694
- http://www.securityfocus.com/archive/1/464882/100/0/threaded
- http://www.securityfocus.com/bid/23345
- http://www.securitytracker.com/id?1017884
- http://www.securitytracker.com/id?1017885
- http://www.vupen.com/english/advisories/2007/1268
- http://www.zerodayinitiative.com/advisories/ZDI-07-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464