Vulnerability Description
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaspersky Lab | Kaspersky Anti-Virus | 6.0 |
| Kaspersky Lab | Kaspersky Internet Security | 6.0 |
References
- http://secunia.com/advisories/24778 (Patch, Vendor Advisory)
- http://www.kaspersky.com/technews?id=203038694 (Patch)
- http://www.securityfocus.com/archive/1/464882/100/0/threaded
- http://www.securityfocus.com/bid/23345
- http://www.securitytracker.com/id?1017884
- http://www.securitytracker.com/id?1017885
- http://www.vupen.com/english/advisories/2007/1268
- http://www.zerodayinitiative.com/advisories/ZDI-07-014.html (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
FAQ
What is CVE-2007-1112?
CVE-2007-1112 is a vulnerability with a CVSS score of 10.0 (HIGH). Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which a...
How severe is CVE-2007-1112?
CVE-2007-1112 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1112?
Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Lab Kaspersky Anti-Virus, Kaspersky Lab Kaspersky Internet Security.