|
CVE Reference: CVE-2007-4471
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2007-4471
|
|
Description:
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|
CVE Status:
Candidate
|
|
References:
XF http://xforce.iss.net/xforce/xfdb/36464
SAID Secunia Advisory: SA26659
OSVDB 37134
CERT-VN 979638
BID 25544
|
|
|
Return to the previous page.
|