Lucene search

[email protected]CVE-2007-4471

HistorySep 05, 2007 - 7:17 p.m.

CVE-2007-4471

2007-09-0519:17:00

CWE-264

CWE-22

[email protected]

web.nvd.nist.gov

intuit

quickbooks

online

activex

control

vulnerabilities

remote attackers

file overwrite

code execution

nvd

cve-2007-4471

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.7%

JSON

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

NVD

Node

intuitquickbooksonline

CPENameOperatorVersion
intuit:quickbooksintuit quickbookseq*

CPE	Name	Operator	Version
intuit:quickbooks	intuit quickbooks	eq	*

References

osvdb.org/37134

secunia.com/advisories/26659

www.kb.cert.org/vuls/id/979638

www.securityfocus.com/bid/25544

exchange.xforce.ibmcloud.com/vulnerabilities/36464

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2007-4471

prion1 cert1 cvelist1 nvd1 nessus2 seebug1