Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
BID:25544
Info
| Bugtraq ID: | 25544 |
| Class: | Unknown |
| CVE: | CVE-2007-4471 CVE-2007-0322 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 05 2007 12:00AM |
| Updated: | Dec 18 2007 08:06PM |
| Credit: | Will Dormann of CERT/CC discovered these issues. |
| Vulnerable: | Intuit QuickBooks Online Edition 9 |
| Not Vulnerable: | Intuit QuickBooks Online Edition 10 |
Discussion
Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to multiple vulnerabilities, including multiple stack-based buffer-overflow issues and an access-validation issue.
Attackers can exploit these issues to execute arbitrary code in the context of an application using the controls (typically Internet Explorer) or to upload and download files in arbitrary locations on the affected computer.
Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
Versions prior to QuickBooks Online Edition 10 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released QuickBooks Online Edition 10 to address these issues. Please see the references and contact the vendor for more information.
References
References:
- Important Security Information (Intuit Inc.)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- QuickBooks Online Edition Homepage (Intuit Inc.)
- MS Security Bulletin MS07-069 (Microsoft)
- VU#907481 Intuit QuickBooks Online Edition ActiveX control stack buffer overflow (US-CERT)
- VU#979638 Intuit QuickBooks Online Edition ActiveX control fails to properly res (US-CERT)