Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-6387
Last Modified 07 Mar 2011 10:02:36
Published 14 Dec 2007 09:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6387

Summary

Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Intuit Bookkeeping

  • Intuit ProSeries

  • Intuit QuickBooks

  • Intuit Quicken

  • Intuit QuickTax

  • Intuit TurboTax

  • Microsoft ActiveX 4.0.0.42

  • Vantage Linguistics AnswerWorks


References

CONFIRM - http://www.vantagelinguistics.com/answerworks/release/

BID - 26815

CONFIRM - http://www.intuit.com/support/security/

MISC - http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx

SECUNIA - 26670

VUPEN - ADV-2007-4195

VUPEN - ADV-2007-4194

SECUNIA - 26566

XF - vantage-answerworks-bo(39004)

MILW0RM - 4825


Last Updated: 27 May 2016 10:46:28