Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability
ZDI-07-014: April 5th, 2007CVE ID
Affected Vendors
-
Kaspersky
Affected Products
-
Anti-Virus
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 5061, 5062. For further product information on the TippingPoint IPS:Vulnerability Details
This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs:
DLL: AxKLProd60.dll
CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756
DLL: AxKLSysInfo.dll
CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB
Several methods exposed by these ActiveX controls can be abused by attackers:
Function DeleteFile (
ByVal strFileName As String
)
Function StartBatchUploading (
ByVal arrFiles As Variant ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long
Function StartStrBatchUploading (
ByVal strFiles As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long
Function StartUploading (
ByVal strFilePath As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long
Vendor Response
Kaspersky states:Disclosure Timeline
-
2007-01-08 - Vulnerability reported to vendor
2007-04-05 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
