CVE-2007-4471

Sažetak

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Reference

http://osvdb.org/37134
http://secunia.com/advisories/26659
http://www.kb.cert.org/vuls/id/979638
http://www.securityfocus.com/bid/25544
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:32

Objavljeno

05-09-2007 - 19:17