Information Security all in one place!

Posts tagged “heap corruption”

Intuit Quickbooks: Multiple Vulnerabilities


The following vulnerabilities have been discovered and privately reported for the following versions of Intuit Quickbooks products:

Quickbooks 2009 – Quickbooks 2012; in conjunction with Internet Explorer Versions 7-9

Vulnerabilities:

  1. Intuit Help System Protocol URL Heap Corruption and Memory Leak:
  • The vulnerability described in this document can potentially be
    exploited by malicious HTML and/or Javascript to execute arbitrary
    code as the user viewing the malicious content.
  2. Intuit Help System Protocol File Retrieval:
  • The vulnerability described in this document can be exploited by
    malicious HTML and Javascript to retrieve a file from a ZIP archive to
    which the user viewing the HTML has local or network file system
    access.  The attacker must know or guess the path and file name of the
    target ZIP archive and the target file it contains.  A further
    significant limitation is that files in subdirectories inside of ZIP
    archives have proven inaccessible, based on a sampling of Windows
    ZIPs, Microsoft Office 2007 documents, JARs, and APKs.

No vendor response at the time of public release. More information will be posted as it becomes available.
