10

CVE-2007-1112

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kaspersky LabKaspersky Anti-virus Version6.0 Editionwindows_workstation
Kaspersky LabKaspersky Internet Security Version6.0 Updatemaintenance_pack_2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.88% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/24778
Patch
Vendor Advisory
http://www.kaspersky.com/technews?id=203038694
Patch
http://www.vupen.com/english/advisories/2007/1268
http://www.securityfocus.com/archive/1/464882/100/0/threaded
http://www.securityfocus.com/bid/23345
http://www.securitytracker.com/id?1017884
http://www.securitytracker.com/id?1017885
http://www.zerodayinitiative.com/advisories/ZDI-07-014.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33464