Back to search
CVE-2007-4471
Published: Sep 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
quickbooks-activex-file-overwrite(36464)
vdb-entry
x_refsource_XF
VU#979638
third-party-advisory
x_refsource_CERT-VN
26659
third-party-advisory
x_refsource_SECUNIA
37134
vdb-entry
x_refsource_OSVDB
25544
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now