Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2422

Overview

Vulnerability Score 2.9 2.9
CVE Id CVE-2012-2422
Last Modified 27 Apr 2012 12:00:00
Published 25 Apr 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2422

Summary

Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.

Vulnerable Systems

Application

  • Intuit Quickbooks 2009

  • Intuit Quickbooks 2010

  • Intuit Quickbooks 2011

  • Intuit Quickbooks 2012


References

CERT-VN - VU#232979

BUGTRAQ - 20120330 Intuit Help System Protocol File Retrieval


Last Updated: 27 May 2016 10:49:35