CVE-2012-2421
Summary
| CVE | CVE-2012-2421 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-04-25 20:55:00 UTC |
| Updated | 2021-07-23 15:12:00 UTC |
| Description | Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Intuit | Quickbooks | 2009 | All | All | All |
| Application | Intuit | Quickbooks | 2010 | All | All | All |
| Application | Intuit | Quickbooks | 2011 | All | All | All |
| Application | Intuit | Quickbooks | 2012 | All | All | All |
| Application | Intuit | Quickbooks | 2009 | All | All | All |
| Application | Intuit | Quickbooks | 2010 | All | All | All |
| Application | Intuit | Quickbooks | 2011 | All | All | All |
| Application | Intuit | Quickbooks | 2012 | All | All | All |
| Application | Microsoft | Ie | All | All | All | All |
| Application | Microsoft | Ie | All | All | All | All |
| Application | Microsoft | Internet Explorer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#232979 - Multiple vulnerabilities in Intuit QuickBooks | CERT-VN | www.kb.cert.org | US Government Resource |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.