CVE-2007-1112
CVSS 10 · HIGH
Summary
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
CVSS 2.0 breakdown
| Metric | Value |
| --- | --- |
| Base score | 10 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Affected products
- Kaspersky_lab kaspersky anti-virus
- Kaspersky_lab kaspersky internet security
References
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038694
- http://www.securityfocus.com/archive/1/464882/100/0/threaded
- http://www.securityfocus.com/bid/23345
- http://www.securitytracker.com/id?1017884
- http://www.securitytracker.com/id?1017885
- http://www.vupen.com/english/advisories/2007/1268
- http://www.zerodayinitiative.com/advisories/ZDI-07-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33464
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.