CVE-2018-3854
Summary
| CVE | CVE-2018-3854 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-03 22:29:00 UTC |
| Updated | 2022-12-03 14:20:00 UTC |
| Description | An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Intuit | Quicken 2018 | 5.2.2 | All | All | All |
| Application | Intuit | Quicken 2018 | 5.2.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TALOS-2018-0537 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | MISC | www.talosintelligence.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.