Advisory Details

April 5th, 2007

Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

ZDI-07-014
ZDI-CAN-138

CVE ID	CVE-2007-1112
CVSS SCORE
AFFECTED VENDORS	Kaspersky
AFFECTED PRODUCTS	Anti-Virus
TREND MICRO CUSTOMER PROTECTION	Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['5061', '5062']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS	This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs: DLL: AxKLProd60.dll CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756 DLL: AxKLSysInfo.dll CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB Several methods exposed by these ActiveX controls can be abused by attackers: Function DeleteFile ( ByVal strFileName As String ) Function StartBatchUploading ( ByVal arrFiles As Variant , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartStrBatchUploading ( ByVal strFiles As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartUploading ( ByVal strFilePath As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long
ADDITIONAL DETAILS
DISCLOSURE TIMELINE	2007-01-08 - Vulnerability reported to vendor 2007-04-05 - Coordinated public release of advisory
CREDIT	Anonymous

BACK TO ADVISORIES