CVE-2007-1112

medium

Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33464

http://www.zerodayinitiative.com/advisories/ZDI-07-014.html

http://www.vupen.com/english/advisories/2007/1268

http://www.securitytracker.com/id?1017885

http://www.securitytracker.com/id?1017884

http://www.securityfocus.com/bid/23345

http://www.securityfocus.com/archive/1/464882/100/0/threaded

http://www.kaspersky.com/technews?id=203038694

http://secunia.com/advisories/24778

Details

Source: Mitre, NVD

Published: 2007-04-06

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium