Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2421

Overview

Vulnerability Score 1.8 1.8
CVE Id CVE-2012-2421
Last Modified 27 Apr 2012 12:00:00
Published 25 Apr 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2421

Summary

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Vulnerable Systems

Application

  • Intuit Quickbooks 2009

  • Intuit Quickbooks 2010

  • Intuit Quickbooks 2011

  • Intuit Quickbooks 2012


References

CERT-VN - VU#232979

BUGTRAQ - 20120330 Intuit Help System Protocol File Retrieval


Last Updated: 27 May 2016 10:49:35