CVE-2007-4471

N/A Unknown
Published: September 05, 2007 Modified: April 23, 2026
View on NVD

Description

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/37134
Source: cret@cert.org
http://secunia.com/advisories/26659
Source: cret@cert.org
http://www.kb.cert.org/vuls/id/979638
Source: cret@cert.org
Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/25544
Source: cret@cert.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464
Source: cret@cert.org
http://osvdb.org/37134
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26659
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/979638
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/25544
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/36464
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
5.2%
91th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22 CWE-264

Affected Vendors

intuit

Related CVEs

CVE-2026-40941 N/A
CVE-2026-40084 6.5
CVE-2026-40083 7.2
CVE-2026-40082 5.4
CVE-2026-40080 6.1