CVSS: 1.8EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2425
https://notcve.org/view.php?id=CVE-2012-2425
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI. Los manejadores intu-help-qb (también conocido como Intuit Help System Async Pluggable Protocol) en HelpAsyncPluggableProtocol.dll en Intuit QuickBooks v2009 hasta v2012, cuando se utiliza Internet Explorer, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una URI larga. • http://packetstormsecurity.org/files/111403/Intuit-Help-System-Protocol-File-Retrieval.html http://www.kb.cert.org/vuls/id/232979 http://www.securityfocus.com/archive/1/522138 http://www.securityfocus.com/archive/1/522139 https://exchange.xforce.ibmcloud.com/vulnerabilities/75176 • CWE-20: Improper Input Validation •
CVSS: 1.8EPSS: 0%CPEs: 5EXPL: 1CVE-2012-2420
https://notcve.org/view.php?id=CVE-2012-2420
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its (1) last or (2) second-to-last character, in situations where a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur. Los manejadores intu-help-qb (también conocido como Intuit Help System Async Pluggable Protocol) en HelpAsyncPluggableProtocol.dll en Intuit QuickBooks v2009 hasta v2012, cuando se utiliza Internet Explorer, podría permitir a atacantes remotos obtener información sensible a través de un URI con un % (tanto por ciento) como (1) último o (2) penúltimo carácter, en situaciones en que una cierto búfer "post-URL data" contiene un carácter 0x0000, pero no se produce desbordamiento. • http://osvdb.org/80820 http://www.kb.cert.org/vuls/id/232979 http://www.securityfocus.com/archive/1/522138 https://exchange.xforce.ibmcloud.com/vulnerabilities/74548 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 59%CPEs: 8EXPL: 1CVE-2007-6387 – Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6387
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en pila en el control ActiveX awApi4.AnswerWorks.1 en awApi4.dll 4.0.0.42, como el utilizado por Vantage Linguistics AnswerWorks, y Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, y TurboTax, permite a atacantes remotos ejecutar código de su elección mediante argumentos largos a (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, y posiblemente otros métodos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4825 http://secunia.com/advisories/26566 http://secunia.com/advisories/26670 http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx http://www.intuit.com/support/security http://www.securityfocus.com/bid/26815 http://www.vantagelinguistics.com/answerworks/release http://www.vupen.com/english/advisories/2007/4194 http://www.vupen.com/english/advisories/2007/4195 https://exchange.xforce.ibmcloud.com/vulnerabilities/39004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0CVE-2007-0322
https://notcve.org/view.php?id=CVE-2007-0322
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en el control ActiveX Intuit QuickBooks Online Edition anterior a 10 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/26659 http://www.kb.cert.org/vuls/id/907481 http://www.securityfocus.com/bid/25544 https://exchange.xforce.ibmcloud.com/vulnerabilities/36462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4471
https://notcve.org/view.php?id=CVE-2007-4471
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. Múltiples vulnerabilidades no especificadas en el control ActiveX Intuit QuickBooks Online Edition anterior a 10 permite a atacantes remotos crear o sobrescribir ficheros de su elección mediante argumentos no especificados a (1) httpGETToFile, (2) httpPOSTFromFile, y posiblemente otros métodos, que probablemente involucran vulnerabilidades de salto de ruta en métodos peligros expuestos. NOTA: esto podría ser aprovechado para la ejecución de código escribiendo en la carpeta Startup. • http://osvdb.org/37134 http://secunia.com/advisories/26659 http://www.kb.cert.org/vuls/id/979638 http://www.securityfocus.com/bid/25544 https://exchange.xforce.ibmcloud.com/vulnerabilities/36464 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-264: Permissions, Privileges, and Access Controls •