PT-2012-4032 · Microsoft+1 · Internet Explorer+1

Derek Soeder

Published

2012-04-25

Updated

2021-07-23

CVE-2012-2421

CVSS v2.0

1.8

Low

Vector

AV:A/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Intuit QuickBooks versions 2009 through 2012

Description The issue is related to an absolute path traversal vulnerability in the intu-help-qb handlers. This might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI when Internet Explorer is used.

Recommendations For Intuit QuickBooks versions 2009 through 2012, consider restricting access to the HelpAsyncPluggableProtocol.dll handlers as a temporary workaround until a patch is available. Avoid using Internet Explorer with these versions of Intuit QuickBooks to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2012-2421

Affected Products

Internet Explorer

Intuit Quickbooks

PT-2012-4032 · Microsoft+1 · Internet Explorer+1

CVE-2012-2421

Weakness Enumeration

Related Identifiers

Affected Products

References · 4