VYPR
Unrated severityNVD Advisory· Published Apr 25, 2012· Updated Jun 16, 2026

CVE-2012-2421

CVE-2012-2421

Description

Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Intuit/Quickbooks5 versions
    cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*
    • cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*
    • cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*
    • cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*
    • (no CPE)range: 2009 through 2012

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.