CVE-2007-3675

Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.

Published: Oct 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3675
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
kaspersky_lab / online_scanner	-	5.0.93.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
http://secunia.com/advisories/27187
http://securitytracker.com/id?1018800
http://www.kaspersky.com/news?id=207575572
http://www.securityfocus.com/bid/26004
http://www.vupen.com/english/advisories/2007/3455
https://exchange.xforce.ibmcloud.com/vulnerabilities/37057

Vulnerability Database

CVE-2007-3675