CVE-2007-6387 Information
Description
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42 as used by Vantage Linguistics AnswerWorks and Intuit Clearly Bookkeeping ProSeries QuickBooks Quicken QuickTax and TurboTax allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory (2) GetSeedQuery (3) SetSeedQuery and possibly other methods. NOTE: some of these details are obtained from third party information.
Reference
http://secunia.com/advisories/26566 http://secunia.com/advisories/26670 http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx http://www.intuit.com/support/security/ http://www.securityfocus.com/bid/26815 http://www.vantagelinguistics.com/answerworks/release/ http://www.vupen.com/english/advisories/2007/4194 http://www.vupen.com/english/advisories/2007/4195 https://exchange.xforce.ibmcloud.com/vulnerabilities/39004 https://www.exploit-db.com/exploits/4825
Share on: