CVE-2007-1112

Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Kaspersky Anti-Virus 6.0 e Internet Security 6.0 revela métodos no seguros en los controles ActiveX (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) y (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll), los cuales permiten a atacantes remotos descargar o borrar archivos de su elección a través de argumentos manipulados en los métodos (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, o (4) StartUploading.

This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs:
DLL: AxKLProd60.dll CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756
DLL: AxKLSysInfo.dll CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB
Several methods exposed by these ActiveX controls can be abused by attackers:
Function DeleteFile ( ByVal strFileName As String )
Function StartBatchUploading ( ByVal arrFiles As Variant , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartStrBatchUploading ( ByVal strFiles As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartUploading ( ByVal strFilePath As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long

*Credits: Anonymous

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-02-26 CVE Reserved
2007-04-05 CVE Published
2024-03-17 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
http://www.securityfocus.com/archive/1/464882/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/23345	Vdb Entry
http://www.securitytracker.com/id?1017884	Vdb Entry
http://www.securitytracker.com/id?1017885	Vdb Entry
http://www.vupen.com/english/advisories/2007/1268	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33464	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/24778	2018-10-16
http://www.kaspersky.com/technews?id=203038694	2018-10-16

URL	Date	SRC
http://www.zerodayinitiative.com/advisories/ZDI-07-014.html	2018-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Anti-virus Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus"				6.0 Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus" and version "6.0"		windows_workstation		Affected
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Internet Security Search vendor "Kaspersky Lab" for product "Kaspersky Internet Security"				6.0 Search vendor "Kaspersky Lab" for product "Kaspersky Internet Security" and version "6.0"		maintenance_pack_2		Affected