Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability

2007-04-05T00:00:00
ID ZDI-07-014
Type zdi
Reporter Anonymous
Modified 2007-06-22T00:00:00

Description

This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs: DLL: AxKLProd60.dll CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756 DLL: AxKLSysInfo.dll CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB Several methods exposed by these ActiveX controls can be abused by attackers: Function DeleteFile ( ByVal strFileName As String ) Function StartBatchUploading ( ByVal arrFiles As Variant , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartStrBatchUploading ( ByVal strFiles As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartUploading ( ByVal strFilePath As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long