• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities

Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to multiple vulnerabilities, including multiple stack-based buffer-overflow issues and an access-validation issue.

Attackers can exploit these issues to execute arbitrary code in the context of an application using the controls (typically Internet Explorer) or to upload and download files in arbitrary locations on the affected computer.

Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Versions prior to QuickBooks Online Edition 10 are vulnerable.