Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2007-6387
HistoryDec 15, 2007 - 2:46 a.m.

CVE-2007-6387

2007-12-1502:46:00
CWE-119
mitre
web.nvd.nist.gov
44
cve-2007-6387
buffer overflow
stack-based overflow
awapi4.answerworks.1
activex control
vantage linguistics
intuit
remote code execution
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.641

Percentile

97.9%

JSON

Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node
intuitbookkeeping
OR
intuitproseries
OR
intuitquickbooks
OR
intuitquicken
OR
intuitquicktax
OR
intuitturbo_tax
OR
microsoftactivexMatch4.0.0.42
OR
vantage_linquisticsanswerworks
VendorProductVersionCPE
intuitbookkeeping*cpe:2.3:a:intuit:bookkeeping:*:*:*:*:*:*:*:*
intuitproseries*cpe:2.3:a:intuit:proseries:*:*:*:*:*:*:*:*
intuitquickbooks*cpe:2.3:a:intuit:quickbooks:*:*:*:*:*:*:*:*
intuitquicken*cpe:2.3:a:intuit:quicken:*:*:*:*:*:*:*:*
intuitquicktax*cpe:2.3:a:intuit:quicktax:*:*:*:*:*:*:*:*
intuitturbo_tax*cpe:2.3:a:intuit:turbo_tax:*:*:*:*:*:*:*:*
microsoftactivex4.0.0.42cpe:2.3:a:microsoft:activex:4.0.0.42:*:*:*:*:*:*:*
vantage_linquisticsanswerworks*cpe:2.3:a:vantage_linquistics:answerworks:*:*:*:*:*:*:*:*

Related

cvelist 1
nvd 1
exploitpack 1
prion 1
exploitdb 1
seebug 1
zdt 1
packetstorm 1
nessus 1
cvelist
cvelist
CVE-2007-6387
2007-12-15 02:00:00
nvd
nvd
CVE-2007-6387
2007-12-15 02:46:00
exploitpack
exploitpack
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
2007-12-31 00:00:00
prion
prion
Stack overflow
2007-12-15 02:46:00
exploitdb
exploitdb
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
2007-12-31 00:00:00
seebug
seebug
Vantage Linguistics AnswerWorks 4 API ActiveX Control BoF Exploit
2008-01-01 00:00:00
zdt
zdt
Vantage Linguistics AnswerWorks 4 API ActiveX Control BoF Exploit
2007-12-31 00:00:00
packetstorm
packetstorm
vantage-overflow.txt
2007-12-31 00:00:00
nessus
nessus
MS07-069: Cumulative Security Update for Internet Explorer (942615)
2007-12-11 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.641

Percentile

97.9%

JSON
Related for CVE-2007-6387
cvelist1nvd1exploitpack1prion1exploitdb1seebug1zdt1packetstorm1nessus1