PT-2012-4032 · Microsoft+1 · Internet Explorer+1
Derek Soeder · Published 2012-04-25 · Updated 2021-07-23 · CVE-2012-2421
CVSS v2.0: 1.8 (Low)
| Vector | AV:A/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Intuit QuickBooks versions 2009 through 2012
Description
The issue is related to an absolute path traversal vulnerability in the intu-help-qb handlers. This might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI when Internet Explorer is used.
Recommendations
For Intuit QuickBooks versions 2009 through 2012, consider restricting access to the HelpAsyncPluggableProtocol.dll handlers as a temporary workaround until a patch is available. Avoid using Internet Explorer with these versions of Intuit QuickBooks to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Intuit QuickBooks