[funsec] ActiveX strikes yet again -- This time its Intuit
rms at computerbytesman.com
rms at computerbytesman.com
Thu Sep 6 17:38:47 CDT 2007
Seesh. Another big software vendor places a backdoor on their customer's
computers that the bad guys can use also.
Richard
http://www.kb.cert.org/vuls/id/979638
Intuit QuickBooks Online Edition is a version of QuickBooks that is
implemented as an ActiveX control. This ActiveX control contains several
dangerous methods, such as httpGETToFile() and httpPOSTFromFile(). These
methods can be used to download or upload files in arbitrary locations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linuxbox.org/pipermail/funsec/attachments/20070906/1b5f4d62/attachment.html
More information about the funsec
mailing list