CVE-2007-4471 Information

Description

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile (2) httpPOSTFromFile and possibly other methods probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Reference

http://osvdb.org/37134 http://secunia.com/advisories/26659 http://www.kb.cert.org/vuls/id/979638 http://www.securityfocus.com/bid/25544 https://exchange.xforce.ibmcloud.com/vulnerabilities/36464