Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
Link | Resource |
---|---|
http://osvdb.org/37134 | |
http://secunia.com/advisories/26659 | |
http://www.kb.cert.org/vuls/id/979638 | Patch Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/25544 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2007-09-05T19:00:00
Updated: 2017-07-28T12:57:01
Reserved: 2007-08-22T00:00:00
Link: CVE-2007-4471
JSON object: View
NVD Information
Status : Modified
Published: 2007-09-05T19:17:00.000
Modified: 2017-07-29T01:32:57.677
Link: CVE-2007-4471
JSON object: View
Redhat Information
No data.