Kaspersky Password Manager 5.x < 5.0.0.169 HTML Injection

low Nessus Plugin ID 62800

Synopsis

The remote Windows host has a password manager installed that is affected by an HTML injection vulnerability.

Description

The version of Kaspersky Password Manager installed on the remote Windows host is 5.x prior to 5.0.0.169. As such, it is potentially affected by an HTML injection vulnerability.

A remote attacker can trick a user into visiting a malicious website and into saving malicious code from the site when the application's password management features are used. Later, the user could trigger the malicious code when using Password Manager's export functionality.

Solution

Upgrade to Kaspersky Password Manager 5.0.0.169 or later.

See Also

https://www.securityfocus.com/archive/1/523735

Plugin Details

Severity: Low

ID: 62800

File Name: kaspersky_password_manager_5_0_0_169.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 11/2/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: x-cpe:/a:kaspersky:kaspersky_password_manager

Required KB Items: SMB/Kaspersky/PasswordManager/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/31/2012

Vulnerability Publication Date: 7/12/2012

Reference Information

BID: 54760

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990