The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.
CPE | Name | Operator | Version |
---|---|---|---|
kaspersky_anti-virus | eq | 6.0 windows-workstation | |
kaspersky_internet_security | le | 6.0.1.411 |