Unrated severityNVD Advisory· Published Apr 6, 2007· Updated Apr 23, 2026

CVE-2007-1112

Description

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Affected products

Kaspersky Lab/Kaspersky Anti Virus
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*
Kaspersky Lab/Kaspersky Internet Security
cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24778nvdPatchVendor Advisory
www.kaspersky.com/technewsnvdPatch
www.zerodayinitiative.com/advisories/ZDI-07-014.htmlnvdVendor Advisory
www.securityfocus.com/archive/1/464882/100/0/threadednvd
www.securityfocus.com/bid/23345nvd
www.securitytracker.com/idnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1268nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33464nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000