CVE-2007-6387
Published 2007-12-15
Priority P3 51 | critical | 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 38.03% (98.4th percentile)
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | activex | — | — |
Detection & IOCs (extracted from sources)
- Detect instantiation of the awApi4.AnswerWorks.1 ActiveX control (ProgID) in a browser context, which is the attack surface for this exploit.
- Monitor for calls to GetHistory, GetSeedQuery, or SetSeedQuery methods on the AnswerWorks ActiveX control with abnormally long string arguments, indicative of a stack-based buffer overflow attempt.
- The exploit uses a JavaScript loop to build a large buffer of repeated 'A' characters passed to the ActiveX method; look for large repeated-character strings in script calling AnswerWorks ActiveX methods.
- The vulnerable DLL version is specifically 4.0.0.42; other versions may or may not be affected.
- Beyond GetHistory, GetSeedQuery, and SetSeedQuery, additional methods of the same ActiveX control may also be exploitable via the same overflow vector.
- http://secunia.com/advisories/26566
- http://secunia.com/advisories/26670
- http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx
- http://www.intuit.com/support/security/
- http://www.securityfocus.com/bid/26815
- http://www.vantagelinguistics.com/answerworks/release/
- http://www.vupen.com/english/advisories/2007/4194
- http://www.vupen.com/english/advisories/2007/4195
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39004
- https://www.exploit-db.com/exploits/4825