[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-2421

Date: (C)2012-04-25   (M)2015-12-16
 
CVSS Score: 1.8Access Vector: ADJACENT_NETWORK
Exploitability Subscore: 3.2Access Complexity: HIGH
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Reference:
http://www.securityfocus.com/archive/1/522139
VU#232979

CPE    4
cpe:/a:intuit:quickbooks:2012
cpe:/a:intuit:quickbooks:2011
cpe:/a:intuit:quickbooks:2010
cpe:/a:intuit:quickbooks:2009
...
CWE    1
CWE-22

© 2013 SecPod Technologies