Advisory Details

April 5th, 2007

Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

ZDI-07-014
ZDI-CAN-138

CVE ID CVE-2007-1112
CVSS SCORE
AFFECTED VENDORS Kaspersky
AFFECTED PRODUCTS Anti-Virus
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 5061, 5062. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs:

DLL: AxKLProd60.dll
CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756

DLL: AxKLSysInfo.dll
CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB

Several methods exposed by these ActiveX controls can be abused by attackers:

Function DeleteFile (
ByVal strFileName As String
)

Function StartBatchUploading (
ByVal arrFiles As Variant ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartStrBatchUploading (
ByVal strFiles As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartUploading (
ByVal strFilePath As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

ADDITIONAL DETAILS
DISCLOSURE TIMELINE
  • 2007-01-08 - Vulnerability reported to vendor
  • 2007-04-05 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES