{"api_version":"1","generated_at":"2026-04-23T00:38:17+00:00","cve":"CVE-2007-3675","urls":{"html":"https://cve.report/CVE-2007-3675","api":"https://cve.report/api/cve/CVE-2007-3675.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-3675","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-3675"},"summary":{"title":"CVE-2007-3675","description":"Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in \"various string formatting functions,\" which trigger heap-based buffer overflows.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-10-12 20:17:00","updated_at":"2017-07-29 01:32:00"},"problem_types":["CWE-134"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37057","name":"kaspersky-online-activex-format-string(37057)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kaspersky.com/news?id=207575572","name":"http://www.kaspersky.com/news?id=207575572","refsource":"CONFIRM","tags":["Patch"],"title":"Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/3455","name":"ADV-2007-3455","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606","name":"20071010 Kaspersky Web Scanner ActiveX Format String Vulnerability","refsource":"IDEFENSE","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26004","name":"26004","refsource":"BID","tags":["Patch"],"title":"Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/27187","name":"27187","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Kaspersky Online Scanner ActiveX Control Format String Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1018800","name":"1018800","refsource":"SECTRACK","tags":["Patch"],"title":"Kaspersky Online Scanner Format String Flaw in ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-3675","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3675","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"3675","vulnerable":"1","versionEndIncluding":"5.0.93","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky_lab","cpe5":"online_scanner","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-3675","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in \"various string formatting functions,\" which trigger heap-based buffer overflows."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.kaspersky.com/news?id=207575572","refsource":"CONFIRM","url":"http://www.kaspersky.com/news?id=207575572"},{"name":"1018800","refsource":"SECTRACK","url":"http://securitytracker.com/id?1018800"},{"name":"kaspersky-online-activex-format-string(37057)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37057"},{"name":"27187","refsource":"SECUNIA","url":"http://secunia.com/advisories/27187"},{"name":"20071010 Kaspersky Web Scanner ActiveX Format String Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606"},{"name":"26004","refsource":"BID","url":"http://www.securityfocus.com/bid/26004"},{"name":"ADV-2007-3455","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/3455"}]}},"nvd":{"publishedDate":"2007-10-12 20:17:00","lastModifiedDate":"2017-07-29 01:32:00","problem_types":["CWE-134"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky_lab:online_scanner:*:*:*:*:*:*:*:*","versionEndIncluding":"5.0.93","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"3675","Ordinal":"26339","Title":"CVE-2007-3675","CVE":"CVE-2007-3675","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"3675","Ordinal":"1","NoteData":"Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in \"various string formatting functions,\" which trigger heap-based buffer overflows.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"3675","Ordinal":"2","NoteData":"2007-10-12","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"3675","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}