← Voltar para CVEs
CVE-2007-4471
N/ADescricao
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/5/2007
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
intuit:quickbooks
Fraquezas (CWE)
CWE-22CWE-264
Referencias
http://osvdb.org/37134(cret@cert.org)
http://secunia.com/advisories/26659(cret@cert.org)
http://www.kb.cert.org/vuls/id/979638(cret@cert.org)
http://www.securityfocus.com/bid/25544(cret@cert.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464(cret@cert.org)
http://osvdb.org/37134(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26659(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/979638(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25544(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.