Vulnerability Overview

- Title: Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability
- ZDI ID: ZDI-07-014
- CVE ID: CVE-2007-1112

Affected Scope

- Vendor: Kaspersky
- Affected product: Anti-Virus

Vulnerability Details

- Description: This vulnerability allows remote attackers to download and delete arbitrary files on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
- Affected ActiveX controls:
  - DLL: AxKLProd60.dll, CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756
  - DLL: AxKLSysInfo.dll, CLSID: BAG1606B-258C-4021-AD27-E07A3F3B91DB
- Methods that can be abused:
  - Function DeleteFile(byVal strFileName As String)
  - Function StartBatchUploading(byVal arrFiles As Variant, byVal strFtpAddress As String, byVal strFTPUploadPath As String) As Long
  - Function StartStrBatchUploading(byVal strFiles As String, byVal strFtpAddress As String, byVal strFTPUploadPath As String) As Long
  - Function StartUploading(byVal strFilePath As String, byVal strFtpAddress As String, byVal strFTPUploadPath As String) As Long

Additional Information

- Disclosure timeline:
  - 2007-01-08: Vulnerability reported to vendor
  - 2007-04-05: Coordinated public release of advisory
- Discovered by: Anonymous