CVE-2007-1112: LAB Kaspersky Anti-virus vulnerability

3 documents, 3 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 4.1% (top 11.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 6; Latest update May 1

Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C

Exploitability: 10.0 | Impact: 10.0

Patches

Vulnerability Details (2)

GHSA
GHSA-q32c-8v8g-6597: Kaspersky Anti-Virus 6 (2022-05-01)
CVEList
CVE-2007-1112: Kaspersky Anti-Virus 6 (2007-04-06)