Kaspersky Password Manager 5.x < 5.0.0.169 HTML Injection

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a password manager installed that is
affected by an HTML injection vulnerability.

Description :

The version of Kaspersky Password Manager installed on the remote
Windows host is 5.x prior to 5.0.0.169. As such, it is potentially
affected by an HTML injection vulnerability.

A remote attacker can trick a user into visiting a malicious website and
into saving malicious code from the site when the application's password
management features are used. Later, the user could trigger the
malicious code when using Password Manager's export functionality.
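
The following is an added example, not Tenable's plugin code or Kaspersky's code. It sketches the save-then-export flow described above, assuming the export is an HTML table built from saved fields, and contrasts concatenating stored values with escaping them. The field names, sample entries and function names are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample vault (assumption): one benign entry and one entry whose
# "login" field was captured from a hostile page and contains markup.
ENTRIES = [
    {"site": "example.test", "login": "alice", "note": "personal"},
    {"site": "attacker.example", "login": "<script>/*constructed*/</script>", "note": "x"},
]
FIELDS = ("site", "login", "note")


def export_unsafe(entries):
    """Concatenate stored values into the export: saved text becomes live markup."""
    rows = "".join(
        "<tr>" + "".join("<td>" + e[f] + "</td>" for f in FIELDS) + "</tr>"
        for e in entries
    )
    return "<table>" + rows + "</table>"


def export_escaped(entries):
    """Escape every stored value so it is rendered as text, never parsed as HTML."""
    rows = "".join(
        "<tr>" + "".join("<td>" + html.escape(e[f], quote=True) + "</td>" for f in FIELDS) + "</tr>"
        for e in entries
    )
    return "<table>" + rows + "</table>"


class TagAudit(HTMLParser):
    """Record any start tag the export template itself would never emit."""
    ALLOWED = {"table", "tr", "td"}

    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        # The template emits only bare table/tr/td; anything else came from data.
        if tag not in self.ALLOWED or attrs:
            self.unexpected.append(tag)


def unexpected_tags(document):
    """Return the tags in an exported document that originate from stored data."""
    audit = TagAudit()
    audit.feed(document)
    audit.close()
    return audit.unexpected
```

The audit function can double as a regression check on an export routine: any tag outside the template's own set means a stored value reached the output unescaped.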

See also :

http://www.securityfocus.com/archive/1/523735

Solution :

Upgrade to Kaspersky Password Manager 5.0.0.169 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62800

Bugtraq ID: 54760

CVE ID:
