CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-6387

Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.572

EPSS Ranking 98.0%

CVSS Severity

CVSS v2 Score 9.3

References

Products affected by CVE-2007-6387

Intuit » Bookkeeping » Version: Any

cpe:2.3:a:intuit:bookkeeping:*
Intuit » Proseries » Version: Any

cpe:2.3:a:intuit:proseries:*
Intuit » Quickbooks » Version: 2009

cpe:2.3:a:intuit:quickbooks:2009
Intuit » Quickbooks » Version: 2010

cpe:2.3:a:intuit:quickbooks:2010
Intuit » Quickbooks » Version: 2011

cpe:2.3:a:intuit:quickbooks:2011
Intuit » Quickbooks » Version: 2012

cpe:2.3:a:intuit:quickbooks:2012
Intuit » Quicken » Version: 20.1.7.4

cpe:2.3:a:intuit:quicken:20.1.7.4
Intuit » Quicken » Version: 20.1.8.6

cpe:2.3:a:intuit:quicken:20.1.8.6
Intuit » Quicken » Version: 2001

cpe:2.3:a:intuit:quicken:2001
Intuit » Quicktax » Version: Any

cpe:2.3:a:intuit:quicktax:*
Intuit » Turbo Tax » Version: Any

cpe:2.3:a:intuit:turbo_tax:*
Microsoft » Activex » Version: 4.0.0.42

cpe:2.3:a:microsoft:activex:4.0.0.42
Vantage Linquistics » Answerworks » Version: Any

cpe:2.3:a:vantage_linquistics:answerworks:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-6387

Products

Pricing

Contact Us