Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Intuit QuickBooks ‘HelpAsyncPluggableProtocol.dll’ 信息泄露漏洞
Vulnerability Description
Intuit QuickBooks 2009至2012版本中的HelpAsyncPluggableProtocol.dll中的intu-help-qb (也称Intuit Help System Async Pluggable Protocol) handlers中存在漏洞,该漏洞源于在使用Internet Explorer时,提供不同的响应给取决于ZIP路径是否有效的远程请求。远程攻击者可利用该漏洞借助一些列涉及Msxml2.XMLHTTP对象的请求获取关于安装路径和产品版本的潜在的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A