Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2418

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-2418
Last Modified 06 Nov 2012 12:11:49
Published 25 Apr 2012 04:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2418

Summary

Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.

Vulnerable Systems

Application

  • Intuit Quickbooks 2009

  • Intuit Quickbooks 2010

  • Intuit Quickbooks 2011

  • Intuit Quickbooks 2012


References

CERT-VN - VU#232979

BUGTRAQ - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak

OSVDB - 80820


Last Updated: 27 May 2016 10:57:31