Vulnerability Details CVE-2007-3675
Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.077
EPSS Ranking 91.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
- http://secunia.com/advisories/27187
- http://securitytracker.com/id?1018800
- http://www.kaspersky.com/news?id=207575572
- http://www.securityfocus.com/bid/26004
- http://www.vupen.com/english/advisories/2007/3455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37057
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
- http://secunia.com/advisories/27187
- http://securitytracker.com/id?1018800
- http://www.kaspersky.com/news?id=207575572
- http://www.securityfocus.com/bid/26004
- http://www.vupen.com/english/advisories/2007/3455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37057
Products affected by CVE-2007-3675
-
cpe:2.3:a:kaspersky_lab:online_scanner:*