CVE-2007-6387: Buffer Overflow
First published: Sat Dec 15 2007(Updated: )
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intuit QuickBooks | ||
| Intuit ProSeries | ||
| QuickBooks | ||
| Quicken | ||
| Intuit QuickBooks | ||
| Intuit TurboTax | ||
| ActiveX | =4.0.0.42 | |
| Vantage Linguistics AnswerWorks |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx
- http://www.intuit.com/support/security/
- http://www.vantagelinguistics.com/answerworks/release/
- http://www.securityfocus.com/bid/26815
- http://secunia.com/advisories/26566
- http://secunia.com/advisories/26670
- http://www.vupen.com/english/advisories/2007/4194
- http://www.vupen.com/english/advisories/2007/4195
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39004
- https://www.exploit-db.com/exploits/4825
Frequently Asked Questions
What is the severity of CVE-2007-6387?
CVE-2007-6387 is considered a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2007-6387?
To mitigate CVE-2007-6387, ensure that all affected software, including Intuit products, is updated to the latest security patches.
Which software is affected by CVE-2007-6387?
CVE-2007-6387 affects various Intuit software products like QuickBooks, ProSeries, Quicken, TurboTax, and the Vantage Linguistics AnswerWorks ActiveX control.
Can CVE-2007-6387 be exploited remotely?
Yes, CVE-2007-6387 can be exploited remotely by attackers through specially crafted input.
What are the consequences of exploiting CVE-2007-6387?
Exploiting CVE-2007-6387 can lead to the execution of arbitrary code on the target system, potentially allowing attackers to gain control of the affected software.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/intuit
- canonical/intuit quickbooks
- canonical/intuit proseries
- canonical/quickbooks
- canonical/quicken
- canonical/intuit turbotax
- vendor/microsoft
- canonical/activex
- version/activex/4.0.0.42
- vendor/vantage linquistics
- canonical/vantage linguistics answerworks