CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1112

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile5.48th
PublishedApr 6, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Affected Platforms (CPE)

πŸ“¦
Kaspersky Lab

Kaspersky Anti Virus

= 6.0
πŸ“¦
Kaspersky Lab

Kaspersky Internet Security

= 6.0

References & Advisories

πŸ”— http://secunia.com/advisories/24778
πŸ”— http://www.kaspersky.com/technews?id=203038694
πŸ”— http://www.securityfocus.com/archive/1/464882/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23345
πŸ”— http://www.securitytracker.com/id?1017884
πŸ”— http://www.securitytracker.com/id?1017885
πŸ”— http://www.vupen.com/english/advisories/2007/1268
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-07-014.html

Related Vulnerabilities

CVE-2007-044510.0

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and...

CVE-2017-98119.8

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pac...

CVE-2007-18799.3

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 ...

CVE-2017-98108.8

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance P...