CVE-2007-1879 - The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus

CVE-2007-1879

Summary

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

References

Vulnerable Configurations

cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23325
confirm	http://www.kaspersky.com/technews?id=203038694
idefense	20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability
sectrack	1017871
secunia	24778
vupen	ADV-2007-1268
xf	kaspersky-startuploading-info-disclosure(33464)

Last major update

29-07-2017 - 01:31

Published

06-04-2007 - 00:19

Last modified

29-07-2017 - 01:31