Kaspersky AntiVirus Prod60 ActiveX Control Arbitrary File Exfiltration Vulnerability
BID:23345
Info
| Bugtraq ID: | 23345 |
| Class: | Design Error |
| CVE: | CVE-2007-1112 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2007 12:00AM |
| Updated: | Apr 09 2007 05:52PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: | Kaspersky Internet Security 6.0 |
| Not Vulnerable: | Kaspersky Internet Security 6.0.Maintenance Pack; Kaspersky Anti-Virus 6.0.Maintenance Pack |
Discussion
Kaspersky AntiVirus is prone to an arbitrary-file-exfiltration vulnerability.
An attacker can exploit this issue to steal files from a victim machine.
This issue affects Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.
Exploit / POC
An attacker can exploit this issue by setting up a malicious site using common tools.
Solution / Fix
Solution:
The vendor has removed the vulnerable libraries from the latest maintenance release. Please contact the vendor for details.
References
References:
- Kaspersky Homepage (Kaspersky)
- ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure (ZDI Disclosures)
- Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fi (Kaspersky Lab)