Intuit QuickBooks 2009 through 2012 have been reported to contain a file disclosure and heap corruption vulnerability.
Derek Soeder's vulnerability report states the following:
Intuit Help System Protocol File Retrieval
An attacker may be able to retrieve sensitive files or run arbitrary code.
QuickBooks 2008 through 2012 will automatically update to address this vulnerability. If you are unable to apply the latest updates, please consider the following workaround.
Disable the Intuit Help System protocol
Thanks to Derek Soeder for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:||2012-04-02|
|Date Last Updated:||2012-05-21 18:24 UTC|