Vulnerability Description
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intuit | Quickbooks | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/37134
- http://secunia.com/advisories/26659
- http://www.kb.cert.org/vuls/id/979638PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/25544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36464
- http://osvdb.org/37134
- http://secunia.com/advisories/26659
- http://www.kb.cert.org/vuls/id/979638PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/25544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36464
FAQ
What is CVE-2007-4471?
CVE-2007-4471 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1...
How severe is CVE-2007-4471?
CVE-2007-4471 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4471?
Check the references section above for vendor advisories and patch information. Affected products include: Intuit Quickbooks.