Vulnerabilities > CVE-2007-1879 - Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows |
| NASL id | KASPERSKY_AV6_MULT_VULNS.NASL |
| description | The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25021 |
| published | 2007-04-10 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25021 |
| title | Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038694
- http://www.securityfocus.com/bid/23325
- http://www.securitytracker.com/id?1017871
- http://www.vupen.com/english/advisories/2007/1268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464