Lucene search

K

[email protected]NVD:CVE-2007-1112

HistoryApr 06, 2007 - 12:19 a.m.

CVE-2007-1112

2007-04-0600:19:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.057 Low

EPSS

Percentile

93.4%

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to “download” or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Affected configurations

NVD

Node

kaspersky_labkaspersky_anti-virusMatch6.0windows_workstation

OR

kaspersky_labkaspersky_internet_securityMatch6.0maintenance_pack_2

References

secunia.com/advisories/24778

www.kaspersky.com/technews?id=203038694

www.securityfocus.com/archive/1/464882/100/0/threaded

www.securityfocus.com/bid/23345

www.securitytracker.com/id?1017884

www.securitytracker.com/id?1017885

www.vupen.com/english/advisories/2007/1268

www.zerodayinitiative.com/advisories/ZDI-07-014.html

exchange.xforce.ibmcloud.com/vulnerabilities/33464

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.057 Low

EPSS

Percentile

93.4%

Related for NVD:CVE-2007-1112

cve2 cvelist2 prion2 securityvulns2 zdi1 nvd1 kaspersky1 nessus1