CVE-2007-1879 - Vulnerability Details - OpenCVE

The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaspersky Lab	Kaspersky Anti-virus Kaspersky Internet Security

Configuration 1 [-]

OR	cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0::windows_workstation:::::
	cpe:2.3:a:kaspersky_lab:kaspersky_internet_security::::::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504
http://secunia.com/advisories/24778
http://www.kaspersky.com/technews?id=203038694
http://www.securityfocus.com/bid/23325
http://www.securitytracker.com/id?1017871
http://www.vupen.com/english/advisories/2007/1268
https://exchange.xforce.ibmcloud.com/vulnerabilities/33464

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-06T00:00:00

Updated: 2024-08-07T13:13:41.999Z

Reserved: 2007-04-05T00:00:00

Link: CVE-2007-1879

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-06T00:19:00.000

Modified: 2024-11-21T00:29:22.290

Link: CVE-2007-1879

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"}, {"name": "24778", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24778"}, {"name": "1017871", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017871"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kaspersky.com/technews?id=203038694"}, {"name": "ADV-2007-1268", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1268"}, {"name": "23325", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23325"}, {"name": "kaspersky-startuploading-info-disclosure(33464)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1879", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"}, {"name": "24778", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24778"}, {"name": "1017871", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017871"}, {"name": "http://www.kaspersky.com/technews?id=203038694", "refsource": "CONFIRM", "url": "http://www.kaspersky.com/technews?id=203038694"}, {"name": "ADV-2007-1268", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1268"}, {"name": "23325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23325"}, {"name": "kaspersky-startuploading-info-disclosure(33464)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:41.999Z"}, "title": "CVE Program Container", "references": [{"name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"}, {"name": "24778", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24778"}, {"name": "1017871", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017871"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kaspersky.com/technews?id=203038694"}, {"name": "ADV-2007-1268", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1268"}, {"name": "23325", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23325"}, {"name": "kaspersky-startuploading-info-disclosure(33464)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1879", "datePublished": "2007-04-06T00:00:00", "dateReserved": "2007-04-05T00:00:00", "dateUpdated": "2024-08-07T13:13:41.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*", "matchCriteriaId": "4FBBEA6A-F02E-4B35-B807-5E5C05EF25A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "964B4C87-B601-444F-8F13-D94D75E9C750", "versionEndIncluding": "6.0.1.411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112."}, {"lang": "es", "value": "La funci\u00f3n StartUploading del control de ActiveX KL.SysInfo (AxKLSysInfo.dll) en el Anti-Virus Kaspersky 6.0 y Internet Security 6.0 antes del parche de mantenimiento 2 versi\u00f3n 6.0.2.614 permite a atacantes remotos leer ficheros de su elecci\u00f3n disparando una sesi\u00f3n FTP an\u00f3nima de salida que invoca a un comando PUT. NOTA: esta vulnerabilidad puede estar relacionada con la CVE-2007-1112."}], "id": "CVE-2007-1879", "lastModified": "2024-11-21T00:29:22.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-04-06T00:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24778"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kaspersky.com/technews?id=203038694"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23325"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017871"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1268"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kaspersky.com/technews?id=203038694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}