PT-2007-3225 · Kaspersky · Kl.Sysinfo Activex Control+2

Published

2007-04-05

Updated

2017-07-29

CVE-2007-1879

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Kaspersky Anti-Virus versions prior to 6.0.2.614 Kaspersky Internet Security versions prior to 6.0.2.614

Description: The issue allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command, specifically through the StartUploading function in the KL.SysInfo ActiveX control.

Recommendations: For Kaspersky Anti-Virus versions prior to 6.0.2.614, update to version 6.0.2.614 or later. For Kaspersky Internet Security versions prior to 6.0.2.614, update to version 6.0.2.614 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1879

Affected Products

Kl.Sysinfo Activex Control

Kaspersky Anti-Virus

Kaspersky Internet Security

PT-2007-3225 · Kaspersky · Kl.Sysinfo Activex Control+2

CVE-2007-1879

Related Identifiers

Affected Products

References · 10