CVE-2007-4471

Name of the Vulnerable Software and Affected Versions Intuit QuickBooks Online Edition versions prior to 10

Description The issue involves multiple unspecified vulnerabilities in the ActiveX control, allowing remote attackers to create or overwrite arbitrary files. This can be achieved via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, likely involving path traversal vulnerabilities in exposed dangerous methods. It is noted that this issue can be leveraged for code execution by writing to a Startup folder.

Recommendations For versions prior to 10, update to version 10 or later to resolve the issue. As a temporary workaround, consider restricting access to the httpGETToFile and httpPOSTFromFile methods until a patch is available. Avoid using these methods with untrusted input to minimize the risk of exploitation.