CVE-2007-6387

Name of the Vulnerable Software and Affected Versions awApi4.dll version 4.0.0.42

Description The issue is related to multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control. This control is used by various applications, including Vantage Linguistics AnswerWorks and Intuit products such as Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax. The buffer overflows can be triggered by remote attackers sending long arguments to certain methods, including GetHistory, GetSeedQuery, and SetSeedQuery, potentially allowing the execution of arbitrary code.

Recommendations For awApi4.dll version 4.0.0.42, consider disabling the GetHistory, GetSeedQuery, and SetSeedQuery methods until a patch is available to prevent potential exploitation. Restrict access to the awApi4.dll module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.