CVE-2007-1879

2007-04-0600:19:00

[email protected]

web.nvd.nist.gov

kaspersky

activex

vulnerability

remote attackers

arbitrary files

ftp

cve-2007

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.057 Low

EPSS

Percentile

93.4%

JSON

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

Affected configurations

NVD

Node

kaspersky_labkaspersky_anti-virusMatch6.0windows_workstation

kaspersky_labkaspersky_internet_securityRange≤6.0.1.411

CPENameOperatorVersion
kaspersky_lab:kaspersky_anti-viruskaspersky lab kaspersky anti-viruseq6.0
kaspersky_lab:kaspersky_internet_securitykaspersky lab kaspersky internet securityle6.0.1.411

CPE	Name	Operator	Version
kaspersky_lab:kaspersky_anti-virus	kaspersky lab kaspersky anti-virus	eq	6.0
kaspersky_lab:kaspersky_internet_security	kaspersky lab kaspersky internet security	le	6.0.1.411