CVE-2007-4471: Path Traversal
First published: Wed Sep 05 2007(Updated: )
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QuickBooks |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-4471?
CVE-2007-4471 is considered a critical vulnerability due to its potential for remote code execution and file manipulation.
How do I fix CVE-2007-4471?
To fix CVE-2007-4471, update to the latest version of Intuit QuickBooks Online Edition that addresses this vulnerability.
What are the potential impacts of exploiting CVE-2007-4471?
Exploiting CVE-2007-4471 can allow attackers to create, overwrite, or manipulate files on the affected system.
Who is affected by CVE-2007-4471?
CVE-2007-4471 affects users of Intuit QuickBooks Online Edition prior to version 10.
What methods are involved in the CVE-2007-4471 vulnerability?
CVE-2007-4471 involves the ActiveX control methods httpGETToFile and httpPOSTFromFile for file manipulation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/intuit
- canonical/quickbooks