PT-2007-3225 · Kaspersky · Kl.Sysinfo Activex Control+2

Publicado

2007-04-05

Atualizado

2017-07-29

CVE-2007-1879

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Kaspersky Anti-Virus versions prior to 6.0.2.614 Kaspersky Internet Security versions prior to 6.0.2.614

Description: The issue allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command, specifically through the StartUploading function in the KL.SysInfo ActiveX control.

Recommendations: For Kaspersky Anti-Virus versions prior to 6.0.2.614, update to version 6.0.2.614 or later. For Kaspersky Internet Security versions prior to 6.0.2.614, update to version 6.0.2.614 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-1879

Produtos afetados

Kl.Sysinfo Activex Control

Kaspersky Anti-Virus

Kaspersky Internet Security

PT-2007-3225 · Kaspersky · Kl.Sysinfo Activex Control+2

CVE-2007-1879

Identificadores relacionados

Produtos afetados

Referências · 10