CVE-2007-3675

Sažetak

Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
http://secunia.com/advisories/27187
http://securitytracker.com/id?1018800
http://www.kaspersky.com/news?id=207575572
http://www.securityfocus.com/bid/26004
http://www.vupen.com/english/advisories/2007/3455
https://exchange.xforce.ibmcloud.com/vulnerabilities/37057

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:32

Objavljeno

12-10-2007 - 20:17