Intuit QuickBooks Help System Multiple Vulnerabilities
Synopsis :
Business accounting software installed on the remote Windows host has
multiple vulnerabilities.
Description :
The version of QuickBooks installed on the remote host has multiple
vulnerabilities. QuickBooks versions 2008 through 2012 have a file
information disclosure and a heap overflow vulnerability. No fix is
currently available - this finding is reported based on the absence of
a known workaround.
A remote attacker could exploit these issues by tricking a user into
requesting a maliciously crafted web page, resulting in arbitrary code
execution.
See also :
http://www.securityfocus.com/archive/1/522138
http://www.securityfocus.com/archive/1/522139
Solution :
The vendor reportedly plans to release a fix in late April 2012.
Workarounds that disable QuickBooks help pages are available. Refer
to the researcher's advisory for more information. Note that deleting
or renaming the affected DLL may not be adequate under some
circumstances.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
original thread: http://www.nessus.org/plugins/index.php?view=single&id=58848