Lucene search

[email protected]NVD:CVE-2007-4471

HistorySep 05, 2007 - 7:17 p.m.

CVE-2007-4471

2007-09-0519:17:00

CWE-264

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.033

Percentile

91.5%

JSON

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

Nvd

Node

intuitquickbooksonline

VendorProductVersionCPE
intuitquickbooks*cpe:2.3:a:intuit:quickbooks:*:*:online:*:*:*:*:*

Vendor	Product	Version	CPE
intuit	quickbooks	*	cpe:2.3:a:intuit:quickbooks:::online:::::*

References

osvdb.org/37134

secunia.com/advisories/26659

www.kb.cert.org/vuls/id/979638

www.securityfocus.com/bid/25544

exchange.xforce.ibmcloud.com/vulnerabilities/36464

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.033

Percentile

91.5%

JSON

Related for NVD:CVE-2007-4471

prion1 cert1 cve1 cvelist1 nessus2 seebug1