{"api_version":"1","generated_at":"2026-04-23T00:39:48+00:00","cve":"CVE-2007-1112","urls":{"html":"https://cve.report/CVE-2007-1112","api":"https://cve.report/api/cve/CVE-2007-1112.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-1112","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-1112"},"summary":{"title":"CVE-2007-1112","description":"Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-04-06 00:19:00","updated_at":"2018-10-16 16:36:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/23345","name":"23345","refsource":"BID","tags":[],"title":"Kaspersky AntiVirus Prod60 ActiveX Control Arbitrary File Exfiltration Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1017884","name":"1017884","refsource":"SECTRACK","tags":[],"title":"Kaspersky Anti-Virus ActiveX Controls Let Remote Users View and Delete Files - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1268","name":"ADV-2007-1268","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33464","name":"kaspersky-startuploading-info-disclosure(33464)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-014.html","name":"http://www.zerodayinitiative.com/advisories/ZDI-07-014.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"ZDI-07-014","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kaspersky.com/technews?id=203038694","name":"http://www.kaspersky.com/technews?id=203038694","refsource":"CONFIRM","tags":["Patch"],"title":"Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fixed in Maintenance Pack 2.0 build 6.0.2.614","mime":"text/html","httpstatus":"410","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017885","name":"1017885","refsource":"SECTRACK","tags":[],"title":"Kaspersky Internet Security ActiveX Controls Let Remote Users View and Delete Files - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/464882/100/0/threaded","name":"20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24778","name":"24778","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Kaspersky Products Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-1112","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1112","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"1112","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky_lab","cpe5":"kaspersky_anti-virus","cpe6":"6.0","cpe7":"*","cpe8":"windows_workstation","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1112","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky_lab","cpe5":"kaspersky_anti-virus","cpe6":"6.0","cpe7":"*","cpe8":"windows_workstation","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1112","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky_lab","cpe5":"kaspersky_internet_security","cpe6":"6.0","cpe7":"maintenance_pack_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1112","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky_lab","cpe5":"kaspersky_internet_security","cpe6":"6.0","cpe7":"maintenance_pack_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-1112","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1017884","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017884"},{"name":"1017885","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017885"},{"name":"24778","refsource":"SECUNIA","url":"http://secunia.com/advisories/24778"},{"name":"http://www.kaspersky.com/technews?id=203038694","refsource":"CONFIRM","url":"http://www.kaspersky.com/technews?id=203038694"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-07-014.html","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"},{"name":"ADV-2007-1268","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1268"},{"name":"23345","refsource":"BID","url":"http://www.securityfocus.com/bid/23345"},{"name":"kaspersky-startuploading-info-disclosure(33464)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"},{"name":"20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/464882/100/0/threaded"}]}},"nvd":{"publishedDate":"2007-04-06 00:19:00","lastModifiedDate":"2018-10-16 16:36:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"1112","Ordinal":"23566","Title":"CVE-2007-1112","CVE":"CVE-2007-1112","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"1112","Ordinal":"1","NoteData":"Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"1112","Ordinal":"2","NoteData":"2007-04-05","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"1112","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}