Advisory Details

April 5th, 2007

Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

ZDI-07-014
ZDI-CAN-138

CVE ID CVE-2007-1112
CVSS SCORE
AFFECTED VENDORS Kaspersky
AFFECTED PRODUCTS Anti-Virus
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 5061,5062. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs:

DLL: AxKLProd60.dll
CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756

DLL: AxKLSysInfo.dll
CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB

Several methods exposed by these ActiveX controls can be abused by attackers:

Function DeleteFile (
ByVal strFileName As String
)

Function StartBatchUploading (
ByVal arrFiles As Variant ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartStrBatchUploading (
ByVal strFiles As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartUploading (
ByVal strFilePath As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

ADDITIONAL DETAILS
DISCLOSURE TIMELINE
  • 2007-01-08 - Vulnerability reported to vendor
  • 2007-04-05 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES