Vulnerability Details CVE-2007-1112
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038694
- http://www.securityfocus.com/archive/1/464882/100/0/threaded
- http://www.securityfocus.com/bid/23345
- http://www.securitytracker.com/id?1017884
- http://www.securitytracker.com/id?1017885
- http://www.vupen.com/english/advisories/2007/1268
- http://www.zerodayinitiative.com/advisories/ZDI-07-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038694
- http://www.securityfocus.com/archive/1/464882/100/0/threaded
- http://www.securityfocus.com/bid/23345
- http://www.securitytracker.com/id?1017884
- http://www.securitytracker.com/id?1017885
- http://www.vupen.com/english/advisories/2007/1268
- http://www.zerodayinitiative.com/advisories/ZDI-07-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
Products affected by CVE-2007-1112
-
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0
-
cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0