Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2423

Overview

Vulnerability Score 1.8 1.8
CVE Id CVE-2012-2423
Last Modified 27 Apr 2012 12:00:00
Published 25 Apr 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2423

Summary

The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object.

Vulnerable Systems

Application

  • Intuit Quickbooks 2009

  • Intuit Quickbooks 2010

  • Intuit Quickbooks 2011

  • Intuit Quickbooks 2012


References

CERT-VN - VU#232979

BUGTRAQ - 20120330 Intuit Help System Protocol File Retrieval


Last Updated: 27 May 2016 10:49:35