Kaspersky Online Scanner kavwebscan.CKAVWebScan ActiveX (kavwebscan.dll) Format String Arbitrary Code Execution

High Nessus Plugin ID 26969


The remote Windows host has an ActiveX control that is affected by a format string vulnerability.


The remote host contains the Kaspersky Online Scanner, an online virus scanner for Windows.

The version of the Kaspersky Web Scanner ActiveX control installed as part of this software on the remote host contains a format string vulnerability. By tricking a user on the affected host into visiting a specially crafted web page, an attacker may be able to exploit this flaw to execute arbitrary code on the affected system, subject to the user's privileges.


Upgrade to Kaspersky Online Scanner version or later.


Plugin Details

Severity: High

ID: 26969

File Name: kaspersky_webscanner_activex_format_string.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2007/10/11

Modified: 2016/10/27

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:kaspersky_lab:online_scanner

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2007/10/11

Reference Information

CVE: CVE-2007-3675

BID: 26004

OSVDB: 37713

CWE: 134