Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File Exfiltration Vulnerability
BID:23325
Info
| Bugtraq ID: | 23325 |
| Class: | Design Error |
| CVE: | CVE-2007-1112, CVE-2007-1879 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | Peter Vreugdenhil discovered this issue. |
| Vulnerable: | Kaspersky Labs Anti-Virus 6.0; Kaspersky Internet Security 6.0 |
| Not Vulnerable: | Kaspersky Internet Security 6.0.Maintenance Pack; Kaspersky Anti-Virus 6.0.Maintenance Pack |
Discussion
Kaspersky Anti-Virus is prone to an arbitrary-file-exfiltration vulnerability.
An attacker can exploit this issue to steal files from a victim machine.
This issue affects Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.
Exploit / POC
An attacker can exploit this issue by setting up a malicious site using common tools.
Solution / Fix
Solution:
The vendor has removed the vulnerable libraries from the latest maintenance release. Please contact the vendor for details.
References
References:
- Kaspersky Homepage (Kaspersky)
- ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure (ZDI Disclosures)
- Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fi (Kaspersky Lab)
- Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability (iDefense Labs)