← Back to CVEs
CVE-2007-4471
N/ADescription
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE Details
CVSS v3.1 ScoreN/A
Published9/5/2007
Last Modified4/23/2026
Sourcenvd
Honeypot Sightings0
Affected Products
intuit:quickbooks
Weaknesses (CWE)
CWE-22CWE-264
References
http://osvdb.org/37134(cret@cert.org)
http://secunia.com/advisories/26659(cret@cert.org)
http://www.kb.cert.org/vuls/id/979638(cret@cert.org)
http://www.securityfocus.com/bid/25544(cret@cert.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464(cret@cert.org)
http://osvdb.org/37134(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26659(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/979638(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25544(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.