funsec mailing list archives
Re: ActiveX strikes yet again -- This time its Intuit
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 7 Sep 2007 07:58:02 +0300 (EEST)
And probably not the last vendor - reported by this US-CERT team member:
http://secunia.com/search/?search=Will+Dormann+activex&sort_by=date

- Juha-Matti

rms () computerbytesman com wrote:
Sheesh. Another big software vendor places a backdoor on their customers' computers that the bad guys can use also.

Richard

http://www.kb.cert.org/vuls/id/979638

Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented as an ActiveX control. This ActiveX control contains several dangerous methods, such as httpGETToFile() and httpPOSTFromFile(). These methods can be used to download or upload files in arbitrary locations.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.