CVE-2012-2421

Published: Apr 25, 2012Modified: Apr 29, 2026

1.8

Vector

AV:A/AC:H/Au:N/C:P/I:N/A:N

Exploitability: 3.2 / Impact: 2.9

Source: NVD

Description

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Affected (4)

Products: Intuit: Quickbooks

1 product

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intuit Quickbooks	Version 2009
Intuit Quickbooks	Version 2010
Intuit Quickbooks	Version 2011
Intuit Quickbooks	Version 2012

Running on/with	Platform Versions
Microsoft Internet Explorer	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

http://www.kb.cert.org/vuls/id/232979

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/522139

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/75172

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/232979

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/522139

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/75172

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.