funsec mailing list archives

Re: ActiveX strikes yet again -- This time its Intuit


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 7 Sep 2007 07:58:02 +0300 (EEST)

And probably not the last vendor - reported by this US-CERT team member:
http://secunia.com/search/?search=Will+Dormann+activex&sort_by=date

- Juha-Matti

rms () computerbytesman com wrote:

Seesh.  Another big software vendor places a backdoor on their customer’s computers that the bad guys can use also.


Richard


http://www.kb.cert.org/vuls/id/979638


Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented as an ActiveX control.
This ActiveX control contains several dangerous methods, such as httpGETToFile() and httpPOSTFromFile(). These methods can be used to download or upload files in arbitrary locations.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

