CVE-2007-3675
Summary
| CVE | CVE-2007-3675 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-12 20:17:00 UTC |
| Updated | 2017-07-29 01:32:00 UTC |
| Description | Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. |
Risk And Classification
Problem Types: CWE-134
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kaspersky Lab | Online Scanner | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner | CONFIRM | www.kaspersky.com | Patch |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| 20071010 Kaspersky Web Scanner ActiveX Format String Vulnerability | IDEFENSE | labs.idefense.com | |
| Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability | BID | www.securityfocus.com | Patch |
| Kaspersky Online Scanner ActiveX Control Format String Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Kaspersky Online Scanner Format String Flaw in ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | securitytracker.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |