9.3

CVE-2007-3675

EPSS 7.66%
Published 12.10.2007 20:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Kaspersky Lab ≫ Online Scanner Version <= 5.0.93

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.66%	0.91

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606

http://secunia.com/advisories/27187

Patch

Vendor Advisory

http://securitytracker.com/id?1018800

Patch

http://www.kaspersky.com/news?id=207575572

Patch

http://www.securityfocus.com/bid/26004

Patch

http://www.vupen.com/english/advisories/2007/3455

https://exchange.xforce.ibmcloud.com/vulnerabilities/37057

https://nvd.nist.gov/vuln/detail/CVE-2007-3675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3675

EUVD