Unrated severityNVD Advisory· Published Apr 25, 2012· Updated Jun 16, 2026
CVE-2012-2421
CVE-2012-2421
Description
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*
- cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*
- (no CPE)range: 2009 through 2012
Patches
Vulnerability mechanics
References
3- www.kb.cert.org/vuls/id/232979nvdUS Government Resource
- www.securityfocus.com/archive/1/522139nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75172nvd
News mentions
0No linked articles in our index yet.