CVE-2012-2421

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

CVSS v2.0 1.8 LOW

1.8^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 3.2 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/232979	US Government Resource
http://www.securityfocus.com/archive/1/522139
https://exchange.xforce.ibmcloud.com/vulnerabilities/75172
http://www.kb.cert.org/vuls/id/232979	US Government Resource
http://www.securityfocus.com/archive/1/522139
https://exchange.xforce.ibmcloud.com/vulnerabilities/75172

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:intuit:quickbooks:2009:::::::*
	cpe:2.3:a:intuit:quickbooks:2010:::::::*
	cpe:2.3:a:intuit:quickbooks:2011:::::::*
	cpe:2.3:a:intuit:quickbooks:2012:::::::*

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:39

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/232979 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/232979 - US Government Resource
References	~~() http://www.securityfocus.com/archive/1/522139 -~~	() http://www.securityfocus.com/archive/1/522139 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/75172 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/75172 -

Information

Published : 2012-04-25 20:55

Updated : 2024-11-21 01:39

NVD link : CVE-2012-2421

Mitre link : CVE-2012-2421

CVE.ORG link : CVE-2012-2421

JSON object : View

Products Affected

intuit

quickbooks

microsoft

internet_explorer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2012-2421", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.2, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-04-25T20:55:01.340", "references": [{"url": "http://www.kb.cert.org/vuls/id/232979", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/522139", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/232979", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/522139", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI."}, {"lang": "es", "value": "Los manejadores intu-help-qb (tambi\u00e9n conocido como Intuit Help System Async Pluggable Protocol) en HelpAsyncPluggableProtocol.dll en Intuit QuickBooks v2009 hasta v2012, cuando se utiliza Internet Explorer, podr\u00eda permitir a atacantes remotos leer ficheros arbitrarios en archivos ZIP a trav\u00e9s de una ruta completa en el URI."}], "lastModified": "2024-11-21T01:39:04.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "406C7E8C-1F81-482D-9E64-7DBFCBCFEEE6"}, {"criteria": "cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16920868-86EE-483B-A6F1-383C7D006DF0"}, {"criteria": "cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B50F6D01-614E-4FDC-B4BE-4D0D3CEC52D6"}, {"criteria": "cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4736C29C-D28D-4116-908B-EE55DD892B41"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}