CVE-2012-2421

UNRATEDPath traversal

Description

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Affected products

intuit / quickbooks2009 – 2009
intuit / quickbooks2010 – 2010
intuit / quickbooks2011 – 2011
intuit / quickbooks2012 – 2012

References

MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/75172
MISChttp://www.securityfocus.com/archive/1/522139
MISChttp://www.kb.cert.org/vuls/id/232979

Updated 47m ago · 2 sources