9.3
CVE-2007-3675
- EPSS 4.82%
- Veröffentlicht 12.10.2007 20:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kaspersky Lab ≫ Online Scanner Version <= 5.0.93
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.82% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
http://secunia.com/advisories/27187
http://securitytracker.com/id?1018800
http://www.kaspersky.com/news?id=207575572
http://www.securityfocus.com/bid/26004
http://www.vupen.com/english/advisories/2007/3455
https://exchange.xforce.ibmcloud.com/vulnerabilities/37057