CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-1112

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile5.48th
Published2007年4月6日
Last Modified2026年4月23日

Vulnerability Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Affected Platforms (CPE)

📦
Kaspersky Lab

Kaspersky Anti Virus

= 6.0
📦
Kaspersky Lab

Kaspersky Internet Security

= 6.0

References & Advisories

🔗 http://secunia.com/advisories/24778
🔗 http://www.kaspersky.com/technews?id=203038694
🔗 http://www.securityfocus.com/archive/1/464882/100/0/threaded
🔗 http://www.securityfocus.com/bid/23345
🔗 http://www.securitytracker.com/id?1017884
🔗 http://www.securitytracker.com/id?1017885
🔗 http://www.vupen.com/english/advisories/2007/1268
🔗 http://www.zerodayinitiative.com/advisories/ZDI-07-014.html

相關漏洞威脅

CVE-2007-044510.0

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and...

CVE-2017-98119.8

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pac...

CVE-2007-18799.3

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 ...

CVE-2017-98108.8

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance P...