Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

2007-04-05T00:00:00
ID ZDI-07-014
Type zdi
Reporter Anonymous
Modified 2007-11-09T00:00:00

Description

This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs:

DLL: AxKLProd60.dll
CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756

DLL: AxKLSysInfo.dll
CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB

Several methods exposed by these ActiveX controls can be abused by attackers:

Function DeleteFile (
ByVal strFileName As String
)

Function StartBatchUploading (
ByVal arrFiles As Variant ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartStrBatchUploading (
ByVal strFiles As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long

Function StartUploading (
ByVal strFilePath As String ,
ByVal strFTPAddress As String ,
ByVal strFTPUploadPath As String
) As Long