CVE-2007-1112 Information
Description
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls which allows remote attackers to \download\ or delete arbitrary files via crafted arguments to the (1) DeleteFile (2) StartBatchUploading (3) StartStrBatchUploading or (4) StartUploading methods.
Reference
http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038694 http://www.securityfocus.com/archive/1/464882/100/0/threaded http://www.securityfocus.com/bid/23345 http://www.securitytracker.com/id?1017884 http://www.securitytracker.com/id?1017885 http://www.vupen.com/english/advisories/2007/1268 http://www.zerodayinitiative.com/advisories/ZDI-07-014.html https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
Share on: