CVEブラウザに戻る

CVE-2007-1112

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0340%

EPSS Percentile5.48th

Published2007年4月6日

Last Modified2026年4月23日

Vulnerability Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Affected Platforms (CPE)

📦

Kaspersky Lab

Kaspersky Anti Virus

= 6.0

📦

Kaspersky Lab

Kaspersky Internet Security

= 6.0

References & Advisories

🔗 http://secunia.com/advisories/24778

🔗 http://www.kaspersky.com/technews?id=203038694

🔗 http://www.securityfocus.com/archive/1/464882/100/0/threaded

🔗 http://www.securityfocus.com/bid/23345

🔗 http://www.securitytracker.com/id?1017884

🔗 http://www.securitytracker.com/id?1017885

🔗 http://www.vupen.com/english/advisories/2007/1268

🔗 http://www.zerodayinitiative.com/advisories/ZDI-07-014.html

関連する脆弱性情報

CVE-2007-044510.0

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and...

CVE-2017-98119.8

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pac...

CVE-2007-18799.3

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 ...

CVE-2017-98108.8

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance P...