CVE-2007-1879 — LAB Kaspersky Internet Security vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

CNA10.0

EPSS

1.8%

top 17.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaspersky LAB Kaspersky Internet Security Kaspersky LAB Kaspersky Anti-virus

Timeline

PublishedApr 6

Latest updateMay 1

Description

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDkaspersky_lab/kaspersky_internet_security6.0.1.411

▶NVDkaspersky_lab/kaspersky_anti-virus6.0

🔴Vulnerability Details

GHSA

GHSA-6h47-3rcf-qqpq: The StartUploading function in KL↗2022-05-01

▶

CVEList

CVE-2007-1879: The StartUploading function in KL↗2007-04-06

▶