CVE-2007-3675

Published Oct 12, 2007

Last updated 7 years ago

Overview

Description: Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-134

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kaspersky_lab:online_scanner:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197BE72E-5333-4936-A4DE-A5FA3DDD6F44",
            "versionEndIncluding": "5.0.93"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References