cpe:/a:intuit:bookkeeping cpe:/a:intuit:proseries cpe:/a:intuit:quickbooks cpe:/a:intuit:quicken cpe:/a:intuit:quicktax cpe:/a:intuit:turbo_tax cpe:/a:microsoft:activex:4.0.0.42 cpe:/a:vantage_linquistics:answerworks CVE-2007-6387 2007-12-14T21:46:00.000-05:00 2017-09-28T21:29:54.393-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-12-17T14:08:00.000-05:00 SECUNIA 26566 SECUNIA 26670 BID 26815 EXPLOIT-DB 4825 VUPEN ADV-2007-4194 VUPEN ADV-2007-4195 MISC http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx CONFIRM http://www.intuit.com/support/security/ CONFIRM http://www.vantagelinguistics.com/answerworks/release/ XF vantage-answerworks-bo(39004) Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.