funsec mailing list archives

ActiveX strikes yet again -- This time its Intuit

From: <rms () computerbytesman com>
Date: Thu, 6 Sep 2007 18:38:47 -0400

Seesh.  Another big software vendor places a backdoor on their customer's
computers that the bad guys can use also. 

 

Richard

 

http://www.kb.cert.org/vuls/id/979638

 

Intuit QuickBooks Online Edition is a version of QuickBooks that is
implemented as an ActiveX control. This ActiveX control contains several
dangerous methods, such as httpGETToFile() and httpPOSTFromFile(). These
methods can be used to download or upload files in arbitrary locations.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

ActiveX strikes yet again -- This time its Intuit rms (Sep 06)
- <Possible follow-ups>
- Re: ActiveX strikes yet again -- This time its Intuit Juha-Matti Laurio (Sep 06)
- Re: ActiveX strikes yet again -- This time its Intuit Paul Ferguson (Sep 06)
  - RE: ActiveX strikes yet again -- This time its Intuit Richard M. Smith (Sep 07)
    - RE: ActiveX strikes yet again -- This time its Intuit David Harley (Sep 07)
    - RE: ActiveX strikes yet again -- This time its Intuit Drsolly (Sep 07)