CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-1879

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile10.76th
Published2007年4月6日
Last Modified2026年4月23日

Vulnerability Description

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

Affected Platforms (CPE)

📦
Kaspersky Lab

Kaspersky Anti Virus

= 6.0
📦
Kaspersky Lab

Kaspersky Internet Security

<= 6.0.1.411

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504
🔗 http://secunia.com/advisories/24778
🔗 http://www.kaspersky.com/technews?id=203038694
🔗 http://www.securityfocus.com/bid/23325
🔗 http://www.securitytracker.com/id?1017871
🔗 http://www.vupen.com/english/advisories/2007/1268
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504

相關漏洞威脅

CVE-2007-044510.0

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and...

CVE-2007-111210.0

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and ...

CVE-2017-98119.8

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pac...

CVE-2017-98108.8

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance P...