Unrated severityNVD Advisory· Published Apr 25, 2012· Updated Apr 29, 2026

CVE-2012-2421

Description

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

Affected products

Intuit/Quickbooks4 versions
cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/232979nvdUS Government Resource
www.securityfocus.com/archive/1/522139nvd
exchange.xforce.ibmcloud.com/vulnerabilities/75172nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000