Vulnerability Description
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intuit | Quickbooks | 2009 |
| Microsoft | Internet Explorer | All versions |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/232979US Government Resource
- http://www.securityfocus.com/archive/1/522139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75172
- http://www.kb.cert.org/vuls/id/232979US Government Resource
- http://www.securityfocus.com/archive/1/522139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75172
FAQ
What is CVE-2012-2421?
CVE-2012-2421 is a vulnerability with a CVSS score of 1.8 (LOW). Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Inte...
How severe is CVE-2012-2421?
CVE-2012-2421 has been rated LOW with a CVSS base score of 1.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2421?
Check the references section above for vendor advisories and patch information. Affected products include: Intuit Quickbooks, Microsoft Internet Explorer.