Unrated severityNVD Advisory· Published Dec 15, 2007· Updated Apr 23, 2026

CVE-2007-6387

Description

Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.

Affected products

Intuit/Bookkeeping
cpe:2.3:a:intuit:bookkeeping:*:*:*:*:*:*:*:*
Intuit/Proseries
cpe:2.3:a:intuit:proseries:*:*:*:*:*:*:*:*
Intuit/Quickbooks
cpe:2.3:a:intuit:quickbooks:*:*:*:*:*:*:*:*
Intuit/Quicken
cpe:2.3:a:intuit:quicken:*:*:*:*:*:*:*:*
Intuit/Quicktax
cpe:2.3:a:intuit:quicktax:*:*:*:*:*:*:*:*
Intuit/Turbo Tax
cpe:2.3:a:intuit:turbo_tax:*:*:*:*:*:*:*:*
Microsoft/Activex
cpe:2.3:a:microsoft:activex:4.0.0.42:*:*:*:*:*:*:*
Vantage Linquistics/Answerworks
cpe:2.3:a:vantage_linquistics:answerworks:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26670nvdPatchVendor Advisory
support.quickbooks.intuit.com/support/qbupdate2007/Default.aspxnvdPatch
www.intuit.com/support/security/nvdPatch
www.securityfocus.com/bid/26815nvdPatch
www.vantagelinguistics.com/answerworks/release/nvdPatch
secunia.com/advisories/26566nvdVendor Advisory
www.vupen.com/english/advisories/2007/4194nvd
www.vupen.com/english/advisories/2007/4195nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39004nvd
www.exploit-db.com/exploits/4825nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.046
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000