CVE-2012-2421

Sažetak

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Reference

http://www.kb.cert.org/vuls/id/232979
http://www.securityfocus.com/archive/1/522139
https://exchange.xforce.ibmcloud.com/vulnerabilities/75172

CVSS

Base:	1.8
Impact:	2.9
Exploitability:	3.2

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-07-2021 - 15:12

Objavljeno

25-04-2012 - 20:55