CVE-2007-4471

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Published: Sep 5, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4471
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-22
CWE-264

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
intuit / quickbooks	-	-

http://osvdb.org/37134
http://secunia.com/advisories/26659
http://www.kb.cert.org/vuls/id/979638
http://www.securityfocus.com/bid/25544
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464

Vulnerability Database

289,871

CVE-2007-4471