
Web Attack: Kaspersky Sysinfo File CVE-2007-1112

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a file-exfiltration vulnerability through the Kaspersky Anti-Virus 'KL.SysInfo' ActiveX control.

Additional Information

Kaspersky Anti-Virus is an antivirus application for desktop and small-business computers.

Kaspersky Anti-Virus is prone to an arbitrary-file-exfiltration vulnerability because it contains a file-upload ActiveX control that can be misused by a malicious site.

Specifically, the vulnerability resides in the 'KL.SysInfo' ActiveX control. The control contains a method named 'StartUploading' that can be abused by a malicious site to cause an upload of arbitrary client-side files. An attacker can initiate a client-to-server anonymous FTP transfer to exfiltrate arbitrary system files from the vulnerable client.

The vulnerable ActiveX control is identified by the CLSID {BA61606B-258C-4021-AD27-E07A3F3B91DB}.
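The following added example (not Symantec's signature logic) shows how a content filter or proxy-log triage script could flag web pages that instantiate the control and reference the method named above. The CLSID and the 'StartUploading' name come from this page; treating 'KL.SysInfo' as the control's ProgID, the function name, the verdict labels and the sample pages are assumptions constructed for illustration.

```python
import re
from html import unescape

# Identifiers taken from the advisory text.
CLSID = "BA61606B-258C-4021-AD27-E07A3F3B91DB"
PROGID = "KL.SysInfo"   # assumption: the control name is also its ProgID
METHOD = "StartUploading"

# classid="clsid:{...}" with optional braces and whitespace, any letter case.
_CLSID_RE = re.compile(r"clsid\s*:\s*\{?" + re.escape(CLSID) + r"\}?", re.I)
# Script-side instantiation by ProgID, with an optional version suffix.
_PROGID_RE = re.compile(
    r"""(?:ActiveXObject|CreateObject)\s*\(\s*["']"""
    + re.escape(PROGID) + r"""(?:\.\d+)?["']""", re.I)
# A call to the method on any object reference.
_METHOD_RE = re.compile(r"\." + re.escape(METHOD) + r"\s*\(", re.I)


def classify(body: str) -> str:
    """Return 'alert', 'suspicious' or 'clean' for one HTTP response body."""
    text = unescape(body)  # decode &#123; style entities before matching
    loads = bool(_CLSID_RE.search(text) or _PROGID_RE.search(text))
    calls = bool(_METHOD_RE.search(text))
    if loads and calls:
        return "alert"        # control instantiated and upload method referenced
    if loads:
        return "suspicious"   # control instantiated by a web page at all
    return "clean"


# Constructed sample pages (not captured traffic); method arguments omitted.
SAMPLES = {
    "benign": "<html><body><p>Notes on the KL.SysInfo advisory</p></body></html>",
    "loads_only": '<object id="k" '
                  'classid="CLSID:{ba61606b-258c-4021-ad27-e07a3f3b91db}"></object>',
    "loads_and_calls": '<object id="k" '
                       'classid="clsid:BA61606B-258C-4021-AD27-E07A3F3B91DB">'
                       "</object><script>k.StartUploading();</script>",
    "entity_encoded": '<object id="k" classid="clsid&#58;&#123;'
                      'BA61606B-258C-4021-AD27-E07A3F3B91DB&#125;"></object>'
                      "<script>k.StartUploading()</script>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(f"{name:16} {classify(page)}")
```

Plain pattern matching of this kind misses identifiers that are assembled at run time in script, so it complements rather than replaces removing the vulnerable control.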

Successful attacks performed against affected applications may result in the loss of confidential information. This may aid in other attacks.

This issue affects Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.


  • Kaspersky Anti-Virus 6.0, 6.0.Maintenance Pack 2
  • Kaspersky Internet Security 6.0, 6.0.Maintenance Pack 2


The vendor has removed the vulnerable libraries from the latest maintenance release. Please contact the vendor for details.